fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-10-01
Updated
2021-08-31
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-10-05
Updated
2017-08-29
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
Max CVSS
1.7
EPSS Score
0.04%
Published
2010-09-16
Updated
2017-09-19
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-01-10
Updated
2011-03-08
Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-09-27
Updated
2017-07-20
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-15
Updated
2018-10-19
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-10-23
Updated
2008-09-05
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
Max CVSS
2.1
EPSS Score
0.07%
Published
2005-07-12
Updated
2008-09-05
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
Max CVSS
1.2
EPSS Score
0.05%
Published
2005-05-02
Updated
2017-07-11
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-10
Updated
2017-07-11
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-07
Updated
2018-08-13
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-11-03
Updated
2017-07-11
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-12-31
Updated
2008-09-05
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-10
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-11-14
Updated
2017-10-10
AIX techlibss allows local users to overwrite files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-01-10
Updated
2016-10-18
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.04%
Published
1998-02-25
Updated
2017-10-10
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.06%
Published
1998-06-11
Updated
2008-09-05
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
Max CVSS
2.1
EPSS Score
0.04%
Published
1997-03-05
Updated
2016-10-18
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-31
Updated
2017-10-10
Denial of service in BIND named via naptr.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-11-10
Updated
2018-10-30
Denial of service in AIX ptrace system call allows local users to crash the system.
Max CVSS
2.1
EPSS Score
0.06%
Published
1999-08-11
Updated
2008-09-09
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.
Max CVSS
N/A
EPSS Score
3.80%
Published
1992-03-01
Updated
2022-08-17
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Max CVSS
1.9
EPSS Score
0.04%
Published
1996-04-18
Updated
2022-08-17
25 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!