| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. |
| AIX routed allows remote users to modify sensitive files. |
| Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument. |
| Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. |
| Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files. |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. |
| LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file. |
| diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. |
| Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument. |
| ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. |
| Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors. |
| create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service. |
| Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273. |
| The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. |
| Denial of service in AIX telnet can freeze a system and prevent users from accessing the server. |
| Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter. |
| lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. |
| Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. |
| The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. |
