Total
73 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-29741 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478. | |||||
CVE-2021-29727 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106. | |||||
CVE-2021-29862 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | |||||
CVE-2021-29801 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. | |||||
CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | |||||
CVE-2020-4788 | 3 Fedoraproject, Ibm, Oracle | 7 Fedora, Aix, Power9 and 4 more | 2024-02-28 | 1.9 LOW | 4.7 MEDIUM |
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. | |||||
CVE-2020-4887 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911. | |||||
CVE-2016-8972 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||||
CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | |||||
CVE-2015-4948 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 6.9 MEDIUM | N/A |
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors. | |||||
CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-0281 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | |||||
CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2024-02-28 | 4.3 MEDIUM | 3.4 LOW |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
CVE-2014-0930 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 4.7 MEDIUM | N/A |
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. | |||||
CVE-2014-8904 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | N/A |
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||||
CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 6.9 MEDIUM | N/A |
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | |||||
CVE-2014-3074 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | N/A |
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. | |||||
CVE-2012-4833 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 2.1 LOW | N/A |
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | |||||
CVE-2013-3035 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.1 HIGH | N/A |
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface. | |||||
CVE-2012-4817 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 5.0 MEDIUM | N/A |
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. |