CVE-2014-8904
- EPSS 0.96%
- Veröffentlicht 15.01.2015 22:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
CVE-2014-3566
- EPSS 100%
- Veröffentlicht 15.10.2014 00:55:02
- Zuletzt bearbeitet 28.05.2026 18:16:23
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
CVE-2014-3074
- EPSS 0.58%
- Veröffentlicht 02.07.2014 10:35:25
- Zuletzt bearbeitet 06.05.2026 22:30:45
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a se...
CVE-2014-3977
- EPSS 0.87%
- Veröffentlicht 08.06.2014 23:55:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
CVE-2014-0930
- EPSS 0.47%
- Veröffentlicht 08.05.2014 10:55:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
CVE-2012-4845
- EPSS 1.62%
- Veröffentlicht 20.10.2012 10:41:27
- Zuletzt bearbeitet 16.06.2026 23:45:46
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executa...
CVE-2012-4833
- EPSS 0.39%
- Veröffentlicht 01.10.2012 18:55:01
- Zuletzt bearbeitet 16.06.2026 23:45:45
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
- EPSS 7.59%
- Veröffentlicht 14.09.2012 23:55:15
- Zuletzt bearbeitet 16.06.2026 23:45:43
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2012-0723
- EPSS 0.39%
- Veröffentlicht 30.07.2012 19:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:08
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
CVE-2012-2200
- EPSS 0.37%
- Veröffentlicht 27.06.2012 10:18:37
- Zuletzt bearbeitet 16.06.2026 23:41:10
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.