| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges. |
| The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). |
| Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument. |
| Buffer overflow in AIX dtterm program for the CDE. |
| Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. |
| The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c. |
| A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. |
| The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. |
| IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. |
| Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges. |
| FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. |
| RIP v1 is susceptible to spoofing. |
| Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors. |
| The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities. |
| lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. |
| The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
| Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391. |
| Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program. |
| Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. |
| Buffer overflow of rlogin program using TERM environmental variable. |
