Vulnerabilities > IBM > Vios

| Date | CVE | Vulnerability title | Description | Attributes | Risk |
|---|---|---|---|---|---|
| 2015-10-16 | CVE-2015-4948 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios | netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors. | local, ibm, CWE-264 | 6.9 |
| 2015-01-15 | CVE-2014-8904 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios | lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | local, low complexity, ibm, CWE-264 | 7.2 |
| 2014-10-15 | CVE-2014-3566 | Cryptographic Issues vulnerability in multiple products | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | | 3.4 |
| 2014-07-02 | CVE-2014-3074 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios | The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. | local, low complexity, ibm, CWE-264 | 7.2 |
| 2014-06-08 | CVE-2014-3977 | Link Following vulnerability in IBM AIX and Vios | libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | local, ibm, CWE-59 | 6.9 |
| 2014-05-08 | CVE-2014-0930 | Unspecified vulnerability in IBM AIX and Vios | The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. | local, ibm | 4.7 |
| 2013-07-18 | CVE-2013-4011 | Local Privilege Escalation vulnerability in IBM AIX | Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat. | local, low complexity, ibm | 7.2 |
| 2013-07-06 | CVE-2013-3005 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios | The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. | network, ibm, CWE-264 | 8.5 |
| 2013-06-21 | CVE-2013-3035 | Improper Input Validation vulnerability in IBM AIX and Vios | The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface. | network, ibm, CWE-20 | 7.1 |
| 2012-10-20 | CVE-2012-4845 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios | The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | network, low complexity, ibm, CWE-264 | 6.8 |