Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-4805 |
IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. Published: September 04, 2014; 6:55:07 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2014-3074 |
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. Published: July 02, 2014; 6:35:25 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2014-3977 |
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. Published: June 08, 2014; 7:55:04 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2014-0930 |
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. Published: May 08, 2014; 6:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2013-5419 |
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership. Published: October 04, 2013; 6:44:07 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2013-4011 |
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat. Published: July 18, 2013; 12:51:55 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2013-3005 |
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. Published: July 06, 2013; 9:57:36 AM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2013-3035 |
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface. Published: June 21, 2013; 10:55:01 AM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2012-4845 |
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. Published: October 20, 2012; 6:41:27 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4833 |
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. Published: October 01, 2012; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2012-4817 |
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. Published: September 14, 2012; 7:55:15 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-0723 |
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. Published: July 30, 2012; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-2200 |
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. Published: June 27, 2012; 6:18:37 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-2179 |
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. Published: June 22, 2012; 6:24:07 AM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2012-2192 |
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. Published: June 20, 2012; 6:27:28 AM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2012-0745 |
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors. Published: May 04, 2012; 12:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-1796 |
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. Published: March 20, 2012; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2012-0711 |
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow. Published: March 20, 2012; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2011-1385 |
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194. Published: March 02, 2012; 5:55:01 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2012-0194 |
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets. Published: February 06, 2012; 3:55:02 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |