CVE-2013-5419
https://notcve.org/view.php?id=CVE-2013-5419
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
• http://aix.software.ibm.com/aix/efixes/security/cmdque_advisory.asc
• http://www.ibm.com/support/docview.wss?uid=isg1IV47427
• http://www.ibm.com/support/docview.wss?uid=isg1IV47428
• http://www.ibm.com/support/docview.wss?uid=isg1IV47429
• http://www.ibm.com/support/docview.wss?uid=isg1IV47430
• https://exchange.xforce.ibmcloud.com/vulnerabilities/87481
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18775
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4011 – IBM AIX 6.1/7.1 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-4011
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
• https://www.exploit-db.com/exploits/28507
• https://www.exploit-db.com/exploits/32700
• http://aix.software.ibm.com/aix/efixes/security/infiniband_advisory.asc
• http://osvdb.org/95419
• http://osvdb.org/95420
• http://secunia.com/advisories/54215
• http://www.ibm.com/support/docview.wss?uid=isg1IV43561
• http://www.ibm.com/support/docview.wss?uid=isg1IV43562
• http://www.ibm.com/support/docview.wss?uid=isg1IV43580
• http://www.ibm.com/support/docview.wss?uid=isg1IV43582
• http://www
CVE-2013-3005
https://notcve.org/view.php?id=CVE-2013-3005
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
• http://aix.software.ibm.com/aix/efixes/security/tftp_advisory.asc
• http://www.ibm.com/support/docview.wss?uid=isg1IV40221
• http://www.ibm.com/support/docview.wss?uid=isg1IV42700
• http://www.ibm.com/support/docview.wss?uid=isg1IV42932
• http://www.ibm.com/support/docview.wss?uid=isg1IV42933
• http://www.ibm.com/support/docview.wss?
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2013-3035
https://notcve.org/view.php?id=CVE-2013-3035
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
• http://aix.software.ibm.com/aix/efixes/security/inet_advisory.asc
• http://www.ibm.com/support/docview.wss?uid=isg1IV37925
• http://www.ibm.com/support/docview.wss?uid=isg1IV42072
• http://www.ibm.com/support/docview.wss?uid=isg1IV42095
• http://www.ibm.com/support/docview.wss?uid=isg1IV42124
• http://www.ibm.com/support/docview.wss?
• CWE-20: Improper Input Validation
CVE-2012-4845
https://notcve.org/view.php?id=CVE-2012-4845
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
• http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc
• http://www.ibm.com/support/docview.wss?uid=isg1IV23331
• http://www.ibm.com/support/docview.wss?uid=isg1IV28715
• http://www.ibm.com/support/docview.wss?uid=isg1IV28785
• http://www.ibm.com/support/docview.wss?uid=isg1IV28787
• http://www.securityfocus.com/bid/56134
• https://exchange.xforce.ibmcloud.com/vulnerabilities/79279
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19695
• CWE-264: Permissions, Privileges, and Access Controls