| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow. |
| IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. |
| Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument. |
| Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. |
| netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities. |
| Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. |
| The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters. |
| rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| AIX techlibss allows local users to overwrite files via a symlink attack. |
| The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files. |
| Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. |
| Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. |
| inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not properly closed by inetd. |
| FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. |
| Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. |
| Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. |
| IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set. |
| Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code. |
