CVE Daily
← All tags

Tag: IBM AIX

All CVEs associated with "IBM AIX". Page 2/3 • 245 CVEs.

Subscribe CVEs: RSS for “IBM AIX”  ·  RSS (High+Critical only)

About “IBM AIX”

A curated feed of “IBM AIX”-related CVEs appears below. We currently track 245 CVEs for this tag (all time). In the last 365 days, 6 were published. Average CVSS is 6.6 (all time; 8.8 over 365d), and 55% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-114 - Process Control, CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-522 - Insufficiently Protected Credentials.

In our taxonomy this topic maps to a LOW impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2008-12-09
Medium

CVE-2008-5385

enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print queue is defined in /etc/qconfig, allows local users to delete arbitrary files via unspecified vectors.

CVSS: 6.9 CWE: CWE-264 View on NVD
Medium

CVE-2008-5384

crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor.

CVSS: 6.9 CWE: CWE-264 View on NVD
2008-09-11
High

CVE-2008-4018

swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this fi…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2007-6717

Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-06-02
High

CVE-2008-2513

Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2008-2514

Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.

CVSS: 4.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2008-2515

Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error."

CVSS: 7.2 CWE: CWE-264 View on NVD
2008-04-09
High

CVE-2008-1710

Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.

CVSS: 7.2 CWE: CWE-264 View on NVD
2008-03-31
High

CVE-2008-1593

The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileg…

CVSS: 7.2 CWE: CWE-264 View on NVD
Medium

CVE-2008-1594

The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial o…

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2008-1595

The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which…

CVSS: 4.9 CWE: CWE-264 View on NVD
High

CVE-2008-1596

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks i…

CVSS: 7.2 CWE: CWE-264 View on NVD
Medium

CVE-2008-1597

The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."

CVSS: 4.9 CWE: N/A View on NVD
Medium

CVE-2008-1598

The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdl…

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.

CVSS: 7.2 CWE: CWE-264 View on NVD
High

CVE-2008-1601

Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-03-10
Medium

CVE-2008-1274

Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.

CVSS: 6.9 CWE: N/A View on NVD
2008-02-05
High

CVE-2008-0584

Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.

CVSS: 7.2 CWE: CWE-264 View on NVD
Medium

CVE-2008-0585

sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting…

CVSS: 6.6 CWE: CWE-264 View on NVD
High

CVE-2008-0586

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenm…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2008-0587

Buffer overflow in the uspchrp program in devices.chrp.base.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2008-0588

Buffer overflow in the utape program in devices.scsi.tape.diag in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-264 View on NVD
Medium

CVE-2008-0589

The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.

CVSS: 4.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2008-01-31
Medium

CVE-2008-0509

Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25r…

CVSS: 4.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-01-25
High

CVE-2007-5764

Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-01-10
Low

CVE-2007-6680

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the…

CVSS: 2.1 CWE: N/A View on NVD
2007-11-05
Medium

CVE-2007-5804

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable w…

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2007-5805

cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writabil…

CVSS: 6.9 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2007-4217

Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4513

Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4621

Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4622

Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line a…

CVSS: 7.2 CWE: CWE-189 View on NVD
High

CVE-2007-4623

Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-09-10
High

CVE-2007-4791

Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-200…

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4792

Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4793

Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4794

Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4795

Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4796

Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2007-4797

Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4798

Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname al…

CVSS: 6.6 CWE: CWE-264 View on NVD
2007-08-15
Medium

CVE-2007-4353

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall program…

CVSS: 6.9 CWE: N/A View on NVD
High

CVE-2007-4354

Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2007-4355

Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

CVSS: 7.2 CWE: N/A View on NVD
2007-08-08
Medium

CVE-2007-4228

rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.

CVSS: 4.7 CWE: N/A View on NVD
2007-07-26
Medium

CVE-2007-3333

Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.

CVSS: 6.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2007-4003

pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.

CVSS: 6.9 CWE: N/A View on NVD
Medium

CVE-2007-4004

Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the clien…

CVSS: 6.9 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-07-11
High

CVE-2007-3680

Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable.

CVSS: 7.2 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-06-04
Medium

CVE-2007-2995

Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-2996

Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the…

CVSS: 6.6 CWE: N/A View on NVD
2007-04-02
High

CVE-2007-1798

Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.

CVSS: 7.2 CWE: N/A View on NVD
2007-02-16
High

CVE-2007-0978

Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data.

CVSS: 7.2 CWE: N/A View on NVD
2007-02-03
Medium

CVE-2007-0670

Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.

CVSS: 4.6 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2007-01-31
High

CVE-2007-0618

Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability."

CVSS: 7.5 CWE: N/A View on NVD
2007-01-19
Medium

CVE-2007-0392

IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setu…

CVSS: 4.6 CWE: N/A View on NVD
2006-12-31
Medium

CVE-2006-6914

Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2006-6915

ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.

CVSS: 4.0 CWE: N/A View on NVD
2006-09-27
Low

CVE-2006-5004

Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.

CVSS: 2.1 CWE: N/A View on NVD
High

CVE-2006-5005

Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-5006

Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2006-5007

Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.

CVSS: 4.6 CWE: N/A View on NVD
Critical

CVE-2006-5008

Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.

CVSS: 10.0 CWE: N/A View on NVD
High

CVE-2006-5009

Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overf…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-5010

Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-5011

Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2006-5003

Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors.

CVSS: 7.2 CWE: N/A View on NVD
2006-09-01
High

CVE-2006-4522

Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.

CVSS: 7.2 CWE: N/A View on NVD
2006-08-28
High

CVE-2006-4416

Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg,…

CVSS: 7.2 CWE: N/A View on NVD
2006-08-21
High

CVE-2006-4254

Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors.

CVSS: 7.5 CWE: N/A View on NVD
2006-05-30
High

CVE-2006-2647

Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.

CVSS: 7.2 CWE: N/A View on NVD
2006-05-22
Low

CVE-2006-2539

Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered…

CVSS: 3.5 CWE: N/A View on NVD
2006-03-17
High

CVE-2006-1246

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vu…

CVSS: 7.2 CWE: N/A View on NVD
2006-03-10
Medium

CVE-2006-0667

lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.

CVSS: 4.6 CWE: N/A View on NVD
2006-02-15
Medium

CVE-2006-0666

Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors r…

CVSS: 4.9 CWE: N/A View on NVD
2006-02-13
Medium

CVE-2006-0674

Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.

CVSS: 4.6 CWE: N/A View on NVD
2005-12-31
Medium

CVE-2005-4716

Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, an…

CVSS: 5.0 CWE: N/A View on NVD
2005-12-15
High

CVE-2005-4271

Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.

CVSS: 7.2 CWE: N/A View on NVD
Critical

CVE-2005-4272

Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.

CVSS: 10.0 CWE: N/A View on NVD
Low

CVE-2005-4273

Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.

CVSS: 2.1 CWE: N/A View on NVD
2005-12-08
High

CVE-2005-4068

Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.

CVSS: 7.2 CWE: N/A View on NVD
2005-11-22
High

CVE-2005-3749

Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.

CVSS: 7.2 CWE: N/A View on NVD
2005-11-05
High

CVE-2005-3504

Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code.

CVSS: 7.5 CWE: N/A View on NVD
2005-11-01
High

CVE-2005-3396

Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.

CVSS: 7.5 CWE: N/A View on NVD
2005-10-23
Low

CVE-2005-3289

LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.

CVSS: 2.1 CWE: N/A View on NVD
2005-09-30
High

CVE-2005-3060

Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.

CVSS: 7.2 CWE: N/A View on NVD
2005-07-12
Medium

CVE-2005-2232

Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2005-2233

Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files includ…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2005-2234

Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2005-2235

Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2005-2236

Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2005-2237

Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.

CVSS: 7.2 CWE: N/A View on NVD
Low

CVE-2005-2238

ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.

CVSS: 2.1 CWE: N/A View on NVD
2005-05-02
High

CVE-2005-0240

Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing a…

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2005-0250

Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.

CVSS: 7.2 CWE: N/A View on NVD
Low

CVE-2005-0991

RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.

CVSS: 2.1 CWE: N/A View on NVD
2005-01-10
High

CVE-2004-1054

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname"…

CVSS: 7.2 CWE: N/A View on NVD
2004-12-31
High

CVE-2004-2312

Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

CVSS: 7.2 CWE: N/A View on NVD
Medium

CVE-2004-2634

The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.

CVSS: 6.2 CWE: N/A View on NVD
2004-11-03
Low

CVE-2004-0828

The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary file…

CVSS: 2.1 CWE: N/A View on NVD
2004-04-15
High

CVE-2003-0257

Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.

CVSS: 7.2 CWE: N/A View on NVD
2004-03-29
Critical

CVE-2003-0170

Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.

CVSS: 10.0 CWE: N/A View on NVD
2003-06-16
Medium

CVE-2003-0285

IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabl…

CVSS: 5.0 CWE: N/A View on NVD
2003-03-31
Medium

CVE-2002-1550

dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 4.6 CWE: N/A View on NVD
Medium

CVE-2002-1551

Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.

CVSS: 4.6 CWE: N/A View on NVD
2002-12-31
High

CVE-2002-1622

Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."

CVSS: 7.5 CWE: N/A View on NVD
2002-10-28
Medium

CVE-2002-1201

IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing t…

CVSS: 5.0 CWE: N/A View on NVD
2002-04-22
Critical

CVE-2002-1621

Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.

CVSS: 10.0 CWE: N/A View on NVD
2002-04-01
Medium

CVE-2002-1620

Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection.

CVSS: 5.0 CWE: N/A View on NVD
2002-03-08
Medium

CVE-2002-1619

Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).

CVSS: 5.0 CWE: N/A View on NVD
2001-12-31
Medium

CVE-2001-1554

IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.

CVSS: 5.0 CWE: N/A View on NVD
High

CVE-2001-1557

Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.

CVSS: 7.5 CWE: N/A View on NVD
2001-08-14
High

CVE-2001-0533

Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.

CVSS: 7.2 CWE: N/A View on NVD
2001-01-09
Medium

CVE-2000-1119

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

CVSS: 4.6 CWE: N/A View on NVD
High

CVE-2000-1120

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2000-1121

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2000-1122

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2000-1123

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

CVSS: 7.2 CWE: N/A View on NVD
High

CVE-2000-1124

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

CVSS: 7.2 CWE: N/A View on NVD