CVE-2020-4829
https://notcve.org/view.php?id=CVE-2020-4829
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. IBM AIX versiones 7.1, 7.2 y VIOS versión 3.1, podrían permitir a un usuario local explotar una vulnerabilidad en el comando de usuario ksu para obtener privilegios root. ID de IBM X-Force: 189960. • https://exchange.xforce.ibmcloud.com/vulnerabilities/189960 https://www.ibm.com/support/pages/node/6380430 •
CVE-2020-4788 – kernel: speculation on incompletely validated data on IBM Power9
https://notcve.org/view.php?id=CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. Los procesadores IBM Power9 (AIX versiones 7.1, 7.2 y VIOS versión 3.1), podrían permitir a un usuario local obtener información confidencial de los datos en la caché L1 en circunstancias atenuantes. IBM X-Force ID: 189296 A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. • http://www.openwall.com/lists/oss-security/2020/11/20/3 http://www.openwall.com/lists/oss-security/2020/11/23/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT https://www.ibm.com/support/pages/node/6370729 https://www.oracle.com/security-alerts/cpujul • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-6079 – IBM AIX 5.3/6.1/7.1/7.2 - 'lquerylv' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6079
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. IBM AIX 5.3, 6.1, 7.1 y 7.2 contiene una vulnerabilidad no especificada que permitiría a un usuario autenticado localmente obtener privilegios nivel root. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. • https://www.exploit-db.com/exploits/40710 http://aix.software.ibm.com/aix/efixes/security/lquerylv_advisory.asc http://www.securityfocus.com/bid/94090 http://www.securitytracker.com/id/1037256 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-8972 – IBM AIX 6.1/7.1/7.2 - 'Bellmail' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-8972
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. IBM AIX 6.1, 7.1 y 7.2 podría permitir a un usuario local obtener privilegios de root utilizando un comando especialmente manipulado dentro del cliente de bellmail. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. IBM AIX versions 6.1, 7.1, and 7.2 suffer from a Bellmail privilege escalation vulnerability. • https://www.exploit-db.com/exploits/40950 http://aix.software.ibm.com/aix/efixes/security/bellmail_advisory.asc http://www.securityfocus.com/bid/94979 http://www.securitytracker.com/id/1037480 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0266
https://notcve.org/view.php?id=CVE-2016-0266
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. IBM AIX 5.3, 6.1, 7.1 y 7.2 y VIOS 2.2.x no predetermina a la última versión TLS, lo que facilita a atacantes man-in-the-middle obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119 http://www-01.ibm.com/support/docview.wss? • CWE-254: 7PK - Security Features •