Vulnerabilities > IBM > AIX > 4.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-08-30 | CVE-2010-3187 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command. | 10.0 |
2010-05-20 | CVE-2010-1039 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. | 10.0 |
2003-06-16 | CVE-2003-0285 | Unspecified vulnerability in IBM AIX IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. | 5.0 |
2000-12-10 | CVE-2000-1222 | Unspecified vulnerability in IBM AIX AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program. | 7.2 |
2000-11-14 | CVE-2000-0844 | Permissions, Privileges, and Access Controls vulnerability in multiple products Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. | 10.0 |
2000-05-24 | CVE-2000-0441 | Unspecified vulnerability in IBM AIX Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. | 5.0 |
1999-09-13 | CVE-1999-0691 | Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name. | 7.2 |
1999-09-13 | CVE-1999-0687 | The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. | 7.5 |
1999-05-06 | CVE-1999-1079 | Unspecified vulnerability in IBM AIX Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program. | 4.6 |
1999-02-17 | CVE-1999-1405 | Unspecified vulnerability in IBM AIX snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a. | 10.0 |