Ibm Aix vulnerabilities

370 known vulnerabilities affecting ibm/aix.

Total CVEs

370

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL47HIGH177MEDIUM119LOW26

Vulnerabilities

Page 12 of 19

CVE-2005-0240HIGHCVSS 7.2v5.22005-05-02

CVE-2005-0240 [HIGH] CVE-2005-0240: Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.

nvd

CVE-2005-0263HIGHCVSS 7.2PoCv5.1v5.2+1 more2005-05-02

CVE-2005-0263 [HIGH] CVE-2005-0263: Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.

nvd

CVE-2005-0262HIGHCVSS 7.2PoCv5.1v5.2+1 more2005-05-02

CVE-2005-0262 [HIGH] CVE-2005-0262: Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.

nvd

CVE-2005-0250HIGHCVSS 7.2v5.1v5.2+1 more2005-05-02

CVE-2005-0250 [HIGH] CVE-2005-0250: Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execut Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.

nvd

CVE-2005-1176LOWCVSS 1.2v5.2.0.50v5.2.0.54+2 more2005-05-02

CVE-2005-1176 [LOW] CVE-2005-1176: Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for tha Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.

nvd

CVE-2005-0261LOWCVSS 2.1v5.2v5.32005-02-10

CVE-2005-0261 [LOW] CVE-2005-0261: lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing th lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.

nvd

CVE-2005-0156LOWCVSS 2.1PoCv5.2v5.32005-02-07

CVE-2005-0156 [LOW] CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sper Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

nvd

CVE-2004-1028HIGHCVSS 7.2v5.1v5.1l+5 more2005-01-10

CVE-2004-1028 [HIGH] CVE-2004-1028: Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local user Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

nvd

CVE-2004-1054HIGHCVSS 7.2PoCv5.1v5.1l+5 more2005-01-10

CVE-2004-1054 [HIGH] CVE-2004-1054: Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local u Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.

nvd

CVE-2004-2388CRITICALCVSS 10.0v4.3.32004-12-31

CVE-2004-2388 [CRITICAL] CVE-2004-2388: rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

nvd

CVE-2004-1330HIGHCVSS 7.2PoCv5.2v5.2.2+3 more2004-12-31

CVE-2004-1330 [HIGH] CVE-2004-1330: Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.

nvd

CVE-2004-2312HIGHCVSS 7.2PoCv4.3.32004-12-31

CVE-2004-2312 [HIGH] CVE-2004-2312: Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain pri Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

nvd

CVE-2004-2697MEDIUMCVSS 6.9PoCv4.3.3v5.1+1 more2004-12-31

CVE-2004-2697 [MEDIUM] CWE-362 CVE-2004-2697: The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.

nvd

CVE-2004-1329HIGHCVSS 7.2PoCv5.1v5.1l+5 more2004-12-20

CVE-2004-1329 [HIGH] CVE-2004-1329: Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

nvd

CVE-2004-0243MEDIUMCVSS 5.0≥ 4.3.3, ≤ 5.12004-11-23

CVE-2004-0243 [MEDIUM] CWE-203 CVE-2004-0243: AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.

nvd

CVE-2004-0828LOWCVSS 2.1v5.2v5.32004-11-03

CVE-2004-0828 [LOW] CVE-2004-0828: The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop pri The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.

nvd

CVE-2004-0545HIGHCVSS 7.2v5.1v5.22004-08-06

CVE-2004-0545 [HIGH] CVE-2004-0545: LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack.

nvd

CVE-2004-0544HIGHCVSS 7.2PoCv4.3.3v5.1+1 more2004-08-06

CVE-2004-0544 [HIGH] CVE-2004-0544: Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1 Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.

nvd

CVE-2004-0368CRITICALCVSS 10.0v4.3.3v5.1+1 more2004-05-04

CVE-2004-0368 [CRITICAL] CWE-119 CVE-2004-0368: Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows re Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

nvd

CVE-2003-0257HIGHCVSS 7.2v4.3v4.3.1+4 more2004-04-15

CVE-2003-0257 [HIGH] CVE-2003-0257: Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local user Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.

nvd

← Previous12 / 19Next →