| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. |
| Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used." |
| Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system. |
| Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. |
| The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). |
| AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program. |
| Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. |
| Denial of service in BIND named via naptr. |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. |
| Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code. |
| Denial of service in BIND named via malformed SIG records. |
| Various vulnerabilities in the AIX portmir command allows local users to obtain root access. |
| DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. |
| An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. |
| Buffer overflow in AIX lquerylv program gives root access to local users. |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. |
| Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. |
