| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| AIX cdmount allows local users to gain root privileges via shell metacharacters. |
| Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands. |
| Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables. |
| Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine. |
| The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). |
| Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. |
| create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. |
| LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. |
| Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors. |
| CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure. |
| Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure. |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. |
| Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. |
| FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. |
| The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. |
| Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. |
| Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. |
| rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user. |
