CVE-2023-45167 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2023-45167
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. La implementación Python 7.3 de IBM AIX podría permitir que un usuario local sin privilegios aproveche una vulnerabilidad para provocar una denegación de servicio. ID de IBM X-Force: 267965. • https://aix.software.ibm.com/aix/efixes/security/python_advisory6.asc https://exchange.xforce.ibmcloud.com/vulnerabilities/267965 https://www.ibm.com/support/pages/node/7068084 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVE-2023-40371 – IBM AIX information disclosure
https://notcve.org/view.php?id=CVE-2023-40371
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263476 https://www.ibm.com/support/pages/node/7028420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-28528 – IBM AIX command execution
https://notcve.org/view.php?id=CVE-2023-28528
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. • http://packetstormsecurity.com/files/172458/IBM-AIX-7.2-inscout-Privilege-Escalation.html https://exchange.xforce.ibmcloud.com/vulnerabilities/251207 https://www.ibm.com/support/pages/node/6983232 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1691 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-26286 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-26286
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248421 https://www.ibm.com/support/pages/node/6983236 •
CVE-2022-47990 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2022-47990
IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556. IBM AIX 7.1, 7.2, 7.3 y VIOS, 3.1 podrían permitir que un usuario local sin privilegios aproveche una vulnerabilidad en X11 para provocar un desbordamiento del búfer que podría provocar una denegación de servicio o la ejecución de código arbitrario. ID de IBM X-Force: 243556. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243556 https://www.ibm.com/support/pages/node/6855827 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •