| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. |
| Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument. |
| Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers. |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
| Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. |
| IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. |
| Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors. |
| Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called." |
| The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. |
| Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
| IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets. |
| Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| Command execution in Sun systems via buffer overflow in the at program. |
| Some implementations of rlogin allow root access if given a -froot parameter. |
| IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
| IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials. |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. |
| IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server. |
