| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file. |
| Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code. |
| Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection. |
| genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. |
| The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump). |
| Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called." |
| Denial of service in BIND named via naptr. |
| Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root. |
| IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers. |
| Denial of service in BIND named via malformed SIG records. |
| AIX piodmgrsu command allows local users to gain additional group privileges. |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. |
| Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet. |
| sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack. |
| Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
| Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames. |
| Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames. |
