CVSS: 5.1EPSS: 0%CPEs: 15EXPL: 0CVE-2020-4788 – kernel: speculation on incompletely validated data on IBM Power9
https://notcve.org/view.php?id=CVE-2020-4788
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296. Los procesadores IBM Power9 (AIX versiones 7.1, 7.2 y VIOS versión 3.1), podrían permitir a un usuario local obtener información confidencial de los datos en la caché L1 en circunstancias atenuantes. IBM X-Force ID: 189296 A flaw was found in the Linux kernel. IBM Power9 processors can speculatively operate on data stored in the L1 cache before it has been completely validated. • http://www.openwall.com/lists/oss-security/2020/11/20/3 http://www.openwall.com/lists/oss-security/2020/11/23/1 https://exchange.xforce.ibmcloud.com/vulnerabilities/189296 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TITJQPYDWZ4NB2ONJWUXW75KSQIPF35T https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZF4OGZPKTAJJXWHPIFP3LHEWWEMR5LPT https://www.ibm.com/support/pages/node/6370729 https://www.oracle.com/security-alerts/cpujul • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1655
https://notcve.org/view.php?id=CVE-2018-1655
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. IBM AIX 5.3, 6.1, 7.1 y 7.2 contiene una vulnerabilidad en el comando rmsock que podría emplearse para exponer la memoria del kernel. IBM X-Force ID: 144748. • http://aix.software.ibm.com/aix/efixes/security/rmsock_advisory2.asc http://www.securityfocus.com/bid/104542 http://www.securitytracker.com/id/1041166 https://exchange.xforce.ibmcloud.com/vulnerabilities/144748 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1383
https://notcve.org/view.php?id=CVE-2018-1383
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117. Un error de lógica de software crea una vulnerabilidad en un demonio AIX, en versiones 6.1, 7.1 y 7.2, que podría permitir que un usuario con privilegios root en un sistema obtenga acceso root en otro equipo. IBM X-Force ID: 138117. • http://aix.software.ibm.com/aix/efixes/security/aixbase_advisory.asc http://www-01.ibm.com/support/docview.wss?uid=isg3T1026948 http://www.securityfocus.com/bid/102989 http://www.securitytracker.com/id/1040358 https://exchange.xforce.ibmcloud.com/vulnerabilities/138117 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1692
https://notcve.org/view.php?id=CVE-2017-1692
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067. IBM AIX, en versiones 5.3, 6.1, 7.1 y 7.2, contiene una vulnerabilidad sin especificar que permitiría que un usuario autenticado localmente obtenga privilegios de nivel root. IBM X-Force ID: 134067. • http://aix.software.ibm.com/aix/efixes/security/suid_advisory.asc http://www.securitytracker.com/id/1040330 https://exchange.xforce.ibmcloud.com/vulnerabilities/134067 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-1541
https://notcve.org/view.php?id=CVE-2017-1541
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. Una vulnerabilidad en AIX 5.3, 6.1, 7.1 y 7.2 en JRE/SDK con los paquetes installp y updatep evitaba que los archivos java.security, java.policy y javaws.policy se actualizasen correctamente. IBM X-Force ID: 130809. • http://aix.software.ibm.com/aix/efixes/security/java_july2017_advisory.asc http://www.securityfocus.com/bid/100914 http://www.securityfocus.com/bid/100915 http://www.securitytracker.com/id/1039372 https://exchange.xforce.ibmcloud.com/vulnerabilities/130809 • CWE-20: Improper Input Validation •