Vulnerabilities > IBM > AIX > Medium

DATE CVE VULNERABILITY TITLE RISK
2011-12-15 CVE-2011-4834 Permissions, Privileges, and Access Controls vulnerability in HP Application Lifecycle Management 11
The GetInstalledPackages function in the configuration tool in HP Application Lifecycle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
local
low complexity
hp ibm sun CWE-264
4.6
2011-11-11 CVE-2011-1375 Permissions, Privileges, and Access Controls vulnerability in IBM AIX 6.1/7.1
IBM AIX 6.1 and 7.1 do not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.
local
low complexity
ibm CWE-264
4.9
2011-04-21 CVE-2008-7288 Resource Management Errors vulnerability in IBM Tivoli Directory Server 5.2.0/5.2.0.4
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation.
network
low complexity
ibm CWE-399
5.0
2011-04-05 CVE-2011-1561 Improper Authentication vulnerability in IBM AIX 6.1
The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password.
network
ibm CWE-287
6.8
2011-01-25 CVE-2011-0637 Denial of Service vulnerability in IBM AIX 6.1
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
local
low complexity
ibm
4.9
2010-12-30 CVE-2010-4622 Path Traversal vulnerability in IBM Tivoli Access Manager for E-Business 6.1.1
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (encoded dot dot) in a URI.
network
low complexity
ibm CWE-22
5.0
2010-09-16 CVE-2010-3405 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM AIX and VIOS
Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors.
local
low complexity
ibm CWE-119
6.8
2010-05-27 CVE-2010-2090 Improper Input Validation vulnerability in IBM Communications Server 6.1.3/6.3.1.0
The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small.
network
low complexity
microsoft ibm CWE-20
5.0
2009-05-26 CVE-2009-1786 Race Condition vulnerability in IBM AIX 5.3/6.1
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.
local
ibm CWE-362
6.9
2009-02-11 CVE-2009-0536 Permissions, Privileges, and Access Controls vulnerability in IBM AIX
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
local
low complexity
ibm CWE-264
4.9