Topics

Attacker Value
Very Low

CVE-2019-11773

Disclosure Date: September 12, 2019 (last updated July 24, 2020)
Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Attacker Value
Very Low

CVE-2019-4473

Disclosure Date: August 05, 2019 (last updated July 24, 2020)
Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
Attacker Value
Very Low

CVE-2019-11771

Disclosure Date: July 17, 2019 (last updated July 24, 2020)
AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
Attacker Value
Very Low

CVE-2018-1890

Disclosure Date: March 11, 2019 (last updated July 24, 2020)
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
Attacker Value
Moderate

CVE-2018-1655

Disclosure Date: June 22, 2018 (last updated July 24, 2020)
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
Attacker Value
Very High

CVE-2014-3074

Disclosure Date: July 02, 2014 (last updated June 05, 2020)
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Attacker Value
Very High

CVE-2014-3977

Disclosure Date: June 08, 2014 (last updated June 05, 2020)
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
Attacker Value
Very High

CVE-2013-4011

Disclosure Date: July 18, 2013 (last updated July 30, 2020)
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
Attacker Value
Very High

CVE-2014-0930

Disclosure Date: May 08, 2014 (last updated June 05, 2020)
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
Attacker Value
Very High

CVE-2014-2591

Disclosure Date: May 14, 2014 (last updated June 05, 2020)
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.