Shodan
Vulnerabilities
Vulnerable Software
Ibm:  >> Aix  Security Vulnerabilities
CVE-2005-1176
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
CVSS Score
1.2
EPSS Score
0.001
Published
2005-05-02
CVE-2005-0261
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
CVSS Score
2.1
EPSS Score
0.001
Published
2005-02-10
CVE-2005-0156
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
CVSS Score
2.1
EPSS Score
0.004
Published
2005-02-07
CVE-2004-1028
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.
CVSS Score
7.2
EPSS Score
0.0
Published
2005-01-10
CVE-2004-1054
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
CVSS Score
7.2
EPSS Score
0.004
Published
2005-01-10
CVE-2004-1330
Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.
CVSS Score
7.2
EPSS Score
0.003
Published
2004-12-31
CVE-2004-2312
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.
CVSS Score
7.2
EPSS Score
0.003
Published
2004-12-31
CVE-2004-2388
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
CVSS Score
10.0
EPSS Score
0.01
Published
2004-12-31
CVE-2004-2634
The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.
CVSS Score
6.2
EPSS Score
0.0
Published
2004-12-31
CVE-2004-2697
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.
CVSS Score
6.9
EPSS Score
0.007
Published
2004-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved