CVSS: 4.3EPSS: 0%CPEs: 28EXPL: 0CVE-2016-0281
https://notcve.org/view.php?id=CVE-2016-0281
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. El controlador mustendd en IBM AIX 5.3, 6.1, 7.1 y 7.2 y VIOS 2.2.x, cuando la característica jumbo_frames no está habilitada, permite a atacantes remotos provocar una denegación de servicio (caída del adaptador FC1763 o FC5899) a través de paquetes manipulados. • http://aix.software.ibm.com/aix/efixes/security/mustendd_advisory.asc http://www-01.ibm.com/support/docview.wss?uid=swg1IV80569 http://www-01.ibm.com/support/docview.wss?uid=swg1IV81357 http://www-01.ibm.com/support/docview.wss?uid=swg1IV81459 http://www-01.ibm.com/support/docview.wss?uid=swg1IV82421 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 0CVE-2016-0266
https://notcve.org/view.php?id=CVE-2016-0266
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. IBM AIX 5.3, 6.1, 7.1 y 7.2 y VIOS 2.2.x no predetermina a la última versión TLS, lo que facilita a atacantes man-in-the-middle obtener información sensible a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg1IV86116 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86117 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86118 http://www-01.ibm.com/support/docview.wss?uid=swg1IV86119 http://www-01.ibm.com/support/docview.wss? • CWE-254: 7PK - Security Features •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2015-4948
https://notcve.org/view.php?id=CVE-2015-4948
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors. netstat en IBM AIX 5.3, 6.1 y 7.1 y VIOS 2.2.x, cuando se utiliza un adaptador de canal de fibra, permite a usuarios locales obtener privilegios a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/netstat_advisory.asc http://www-01.ibm.com/support/docview.wss?uid=swg1IV75940 http://www-01.ibm.com/support/docview.wss?uid=swg1IV77299 http://www.securitytracker.com/id/1033806 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 27EXPL: 1CVE-2014-8904 – AIX 7.1 - 'lquerylv' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-8904
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. lquerylv en cmdlvm en IBM AIX 5.3, 6.1, y 7.1 and VIOS 2.2.x permite a usuarios locales ganar privilegios a través de un valor de variable del entorno DBGCMD_LQUERYLV manipulado. • https://www.exploit-db.com/exploits/38576 http://aix.software.ibm.com/aix/efixes/security/lvm_advisory.asc http://secunia.com/advisories/62195 http://www.ibm.com/support/docview.wss?uid=isg1IV67907 http://www.ibm.com/support/docview.wss?uid=isg1IV67908 http://www.ibm.com/support/docview.wss?uid=isg1IV68070 http://www.ibm.com/support/docview.wss?uid=isg1IV68082 http://www.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 1CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •