fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
Max CVSS
2.1
EPSS Score
0.04%
Published
2012-10-01
Updated
2021-08-31
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
Max CVSS
2.1
EPSS Score
0.04%
Published
2011-10-05
Updated
2017-08-29
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
Max CVSS
1.7
EPSS Score
0.04%
Published
2010-09-16
Updated
2017-09-19
Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
Max CVSS
2.1
EPSS Score
0.04%
Published
2008-01-10
Updated
2011-03-08
Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
Max CVSS
2.1
EPSS Score
0.04%
Published
2006-09-27
Updated
2017-07-20
Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-12-15
Updated
2018-10-19
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-10-23
Updated
2008-09-05
ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.
Max CVSS
2.1
EPSS Score
0.07%
Published
2005-07-12
Updated
2008-09-05
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
Max CVSS
1.2
EPSS Score
0.05%
Published
2005-05-02
Updated
2017-07-11
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-10
Updated
2017-07-11
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-07
Updated
2018-08-13
The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-11-03
Updated
2017-07-11
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-12-31
Updated
2008-09-05
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
Max CVSS
2.1
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-10
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-11-14
Updated
2017-10-10
AIX techlibss allows local users to overwrite files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-01-10
Updated
2016-10-18
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.04%
Published
1998-02-25
Updated
2017-10-10
(1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
Max CVSS
1.2
EPSS Score
0.06%
Published
1998-06-11
Updated
2008-09-05
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
Max CVSS
2.1
EPSS Score
0.04%
Published
1997-03-05
Updated
2016-10-18
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-12-31
Updated
2017-10-10
Denial of service in BIND named via naptr.
Max CVSS
2.1
EPSS Score
0.04%
Published
1999-11-10
Updated
2018-10-30
Denial of service in AIX ptrace system call allows local users to crash the system.
Max CVSS
2.1
EPSS Score
0.06%
Published
1999-08-11
Updated
2008-09-09
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.
Max CVSS
N/A
EPSS Score
3.80%
Published
1992-03-01
Updated
2022-08-17
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Max CVSS
2.1
EPSS Score
88.08%
Published
1997-08-01
Updated
2022-11-14
pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.
Max CVSS
1.9
EPSS Score
0.04%
Published
1996-04-18
Updated
2022-08-17
25 vulnerabilities found