| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). |
| Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system. |
| Some implementations of rlogin allow root access if given a -froot parameter. |
| Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges. |
| Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors. |
| The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. |
| The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
| The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. |
| Buffer overflow in AIX dtterm program for the CDE. |
| Buffer overflow in AIX lquerylv program gives root access to local users. |
| Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225. |
| Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow. |
| Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program. |
| Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable. |
| Buffer overflow in lscfg of unknown versions of AIX has unknown impact. |
| inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd. |
| Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. |
| Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type." |
| Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code. |
| named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file. |
