Product: Aix (Ibm)

Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 383

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-12-20 | CVE-2004-1329 | Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. | Aix | N/A | | |
| 2005-01-10 | CVE-2004-1054 | Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. | Aix | N/A | | |
| 2005-01-10 | CVE-2004-1028 | Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | Aix | N/A | | |
| 2004-11-03 | CVE-2004-0828 | The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. | Aix | N/A | | |
| 2004-08-06 | CVE-2004-0545 | LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. | Aix | N/A | | |
| 2004-08-06 | CVE-2004-0544 | Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. | Aix | N/A | | |
| 2004-05-04 | CVE-2004-0368 | Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet. | Aix, Cde_common_desktop_environment, Dextop | N/A | | |
| 2004-03-29 | CVE-2003-1018 | Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors. | Aix | N/A | | |
| 2003-12-31 | CVE-2003-0954 | Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges. | Aix | N/A | | |
| 2003-12-15 | CVE-2003-0914 | ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. | Tru64, Freebsd, Hp-Ux, Aix, Bind, Netbsd, Namesurfer, Unixware, Solaris, Sunos | N/A | | |