Ibm

Vios

81 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2016-6079

  • EPSS 2.05%
  • Veröffentlicht 15.02.2017 19:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

4.3

CVE-2016-0281

  • EPSS 3.57%
  • Veröffentlicht 08.08.2016 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.

4.3

CVE-2016-0266

  • EPSS 0.7%
  • Veröffentlicht 08.08.2016 01:59:00
  • Zuletzt bearbeitet 12.04.2025 10:46:40

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

7.2

CVE-2014-8904

  • EPSS 0.56%
  • Veröffentlicht 15.01.2015 22:59:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

4.3

CVE-2014-3566

  • EPSS 94.02%
  • Veröffentlicht 15.10.2014 00:55:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

7.2

CVE-2014-3074

  • EPSS 0.08%
  • Veröffentlicht 02.07.2014 10:35:25
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a se...

6.9

CVE-2014-3977

  • EPSS 0.16%
  • Veröffentlicht 08.06.2014 23:55:04
  • Zuletzt bearbeitet 12.04.2025 10:46:40

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

4.7

CVE-2014-0930

Exploit
  • EPSS 0.11%
  • Veröffentlicht 08.05.2014 10:55:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

6.8

CVE-2012-4845

  • EPSS 0.44%
  • Veröffentlicht 20.10.2012 10:41:27
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executa...

2.1

CVE-2012-4833

  • EPSS 0.05%
  • Veröffentlicht 01.10.2012 18:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.