CVE-2023-40371 – IBM AIX information disclosure
https://notcve.org/view.php?id=CVE-2023-40371
IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. • https://exchange.xforce.ibmcloud.com/vulnerabilities/263476 https://www.ibm.com/support/pages/node/7028420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVE-2023-28528 – IBM AIX command execution
https://notcve.org/view.php?id=CVE-2023-28528
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. • http://packetstormsecurity.com/files/172458/IBM-AIX-7.2-inscout-Privilege-Escalation.html https://exchange.xforce.ibmcloud.com/vulnerabilities/251207 https://www.ibm.com/support/pages/node/6983232 https://talosintelligence.com/vulnerability_reports/TALOS-2023-1691 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2023-26286 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2023-26286
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. • https://exchange.xforce.ibmcloud.com/vulnerabilities/248421 https://www.ibm.com/support/pages/node/6983236 •
CVE-2022-47990 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2022-47990
IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556. IBM AIX 7.1, 7.2, 7.3 y VIOS, 3.1 podrían permitir que un usuario local sin privilegios aproveche una vulnerabilidad en X11 para provocar un desbordamiento del búfer que podría provocar una denegación de servicio o la ejecución de código arbitrario. ID de IBM X-Force: 243556. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243556 https://www.ibm.com/support/pages/node/6855827 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-41290 – IBM AIX privilege escalation
https://notcve.org/view.php?id=CVE-2022-41290
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690. IBM AIX 7.1, 7.2, 7.3 y VIOS 3.1 podrían permitir que un usuario local sin privilegios aproveche una vulnerabilidad en el comando rm_rlcache_file para obtener privilegios de root. ID de IBM X-Force: 236690. • https://exchange.xforce.ibmcloud.com/vulnerabilities/236690 https://www.ibm.com/support/pages/node/6847917 • CWE-250: Execution with Unnecessary Privileges CWE-269: Improper Privilege Management •