IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.
Max CVSS
4.4
EPSS Score
0.04%
Published
2022-03-01
Updated
2022-07-12
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
Max CVSS
4.9
EPSS Score
0.04%
Published
2021-06-28
Updated
2022-07-12
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
Max CVSS
4.3
EPSS Score
0.84%
Published
2016-08-08
Updated
2021-08-31
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.37%
Published
2016-08-08
Updated
2021-08-31

CVE-2014-3566

Public exploit
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Max CVSS
4.3
EPSS Score
97.49%
Published
2014-10-15
Updated
2023-09-12
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
Max CVSS
4.7
EPSS Score
0.04%
Published
2014-05-08
Updated
2021-08-31
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
Max CVSS
4.9
EPSS Score
0.04%
Published
2012-06-20
Updated
2021-08-31
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
Max CVSS
4.9
EPSS Score
0.04%
Published
2012-07-30
Updated
2021-08-31
IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2011-11-11
Updated
2017-08-17
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.14%
Published
2011-01-25
Updated
2017-08-17
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-11
Updated
2017-09-29
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-06-02
Updated
2017-09-29
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2008-03-31
Updated
2011-03-08
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-03-31
Updated
2017-09-29
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-02-05
Updated
2017-08-08
Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to cause a denial of service (crash) or possibly gain privileges via a long argument to (1) piox25, related to piox25.c; or (2) piox25remote, related to piox25remote.sh.
Max CVSS
4.4
EPSS Score
0.29%
Published
2008-01-31
Updated
2017-09-29
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-09-10
Updated
2011-03-08
rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument.
Max CVSS
4.7
EPSS Score
0.04%
Published
2007-08-08
Updated
2017-07-29
Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors.
Max CVSS
4.3
EPSS Score
0.87%
Published
2007-06-04
Updated
2017-07-29
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-02-03
Updated
2017-07-29
IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-01-19
Updated
2018-10-16
ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.
Max CVSS
4.0
EPSS Score
0.92%
Published
2006-12-31
Updated
2011-03-08
Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-09-27
Updated
2017-07-20
39 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!