Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Aix
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 383 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-05-02 | CVE-2005-0250 | Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. | Aix | N/A | ||
| 2005-05-02 | CVE-2005-0240 | Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message. | Aix | N/A | ||
| 2004-12-31 | CVE-2004-2697 | The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. | Aix | N/A | ||
| 2004-12-31 | CVE-2004-2634 | The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors. | Aix | N/A | ||
| 2004-12-31 | CVE-2004-2388 | rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user. | Aix | N/A | ||
| 2004-12-31 | CVE-2004-2312 | Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. | Aix | N/A | ||
| 2004-12-31 | CVE-2004-1330 | Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. | Aix | N/A | ||
| 2004-12-20 | CVE-2004-1329 | Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. | Aix | N/A | ||
| 2005-01-10 | CVE-2004-1054 | Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. | Aix | N/A | ||
| 2005-01-10 | CVE-2004-1028 | Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | Aix | N/A |