Vulnerabilities > IBM > Vios
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-10-01 | CVE-2012-4833 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | 2.1 |
2012-09-14 | CVE-2012-4817 | Unspecified vulnerability in IBM AIX and Vios The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. | 5.0 |
2012-07-30 | CVE-2012-0723 | Improper Input Validation vulnerability in IBM AIX and Vios The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | 4.9 |
2012-06-27 | CVE-2012-2200 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. | 7.2 |
2012-06-20 | CVE-2012-2192 | Resource Management Errors vulnerability in IBM AIX and Vios The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | 4.9 |
2012-05-04 | CVE-2012-0745 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors. | 7.2 |
2012-03-02 | CVE-2011-1385 | Resource Management Errors vulnerability in IBM AIX and Vios IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194. | 7.8 |
2010-09-16 | CVE-2010-3405 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors. | 6.8 |
2010-05-20 | CVE-2010-1039 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. | 10.0 |
2010-03-10 | CVE-2010-0961 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX and Vios Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. | 7.2 |