Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli.
Max CVSS
7.8
EPSS Score
0.21%
Published
2009-06-08
Updated
2017-08-17
Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be triggered entirely by an administrator's installation of an official service pack.
Max CVSS
7.8
EPSS Score
0.12%
Published
2010-03-03
Updated
2010-03-04
bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses."
Max CVSS
7.8
EPSS Score
0.09%
Published
2010-03-26
Updated
2010-03-29
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.
Max CVSS
7.8
EPSS Score
6.90%
Published
2012-03-02
Updated
2018-01-10
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
Max CVSS
7.8
EPSS Score
0.08%
Published
2017-02-01
Updated
2017-09-03
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.
Max CVSS
7.8
EPSS Score
0.09%
Published
2017-02-15
Updated
2021-08-31
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-02-15
Updated
2021-08-31
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-02-02
Updated
2019-10-03
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-02-07
Updated
2018-02-26
IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.
Max CVSS
7.8
EPSS Score
0.04%
Published
2023-01-18
Updated
2023-01-25
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
Max CVSS
7.5
EPSS Score
1.65%
Published
1997-12-10
Updated
2022-08-17
Buffer overflow in NLS (Natural Language Service).
Max CVSS
7.5
EPSS Score
0.60%
Published
1997-02-13
Updated
2022-08-17
Vacation program allows command execution by remote users through a sendmail command.
Max CVSS
7.5
EPSS Score
0.75%
Published
1998-11-16
Updated
2008-09-09
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
Max CVSS
7.5
EPSS Score
2.17%
Published
1996-08-21
Updated
2018-05-03
AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.
Max CVSS
7.5
EPSS Score
0.68%
Published
1994-06-03
Updated
2022-08-17
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
Max CVSS
7.5
EPSS Score
1.13%
Published
1999-09-13
Updated
2018-10-30
genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.
Max CVSS
7.5
EPSS Score
1.40%
Published
1999-10-26
Updated
2022-08-17
Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings."
Max CVSS
7.5
EPSS Score
0.51%
Published
1998-07-06
Updated
2017-07-11
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.
Max CVSS
7.5
EPSS Score
0.21%
Published
2001-12-31
Updated
2008-09-05
Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.
Max CVSS
7.5
EPSS Score
0.20%
Published
2001-12-31
Updated
2008-09-05
CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.
Max CVSS
7.5
EPSS Score
0.79%
Published
2002-07-23
Updated
2018-10-30
Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."
Max CVSS
7.5
EPSS Score
0.51%
Published
2002-12-31
Updated
2017-07-11
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
Max CVSS
7.5
EPSS Score
96.79%
Published
2003-03-25
Updated
2020-01-21
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
0.29%
Published
2003-03-03
Updated
2018-10-30
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.
Max CVSS
7.5
EPSS Score
1.05%
Published
2004-02-03
Updated
2008-09-05
160 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!