Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Total 6536 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29772 1 Ibm 1 Api Connect 2021-09-01 7.5 HIGH 9.8 CRITICAL
IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.
CVE-2020-4887 1 Ibm 2 Aix, Vios 2021-08-31 2.1 LOW 5.5 MEDIUM
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
CVE-2016-8972 1 Ibm 2 Aix, Vios 2021-08-31 7.2 HIGH 7.8 HIGH
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
CVE-2014-8904 1 Ibm 2 Aix, Vios 2021-08-31 7.2 HIGH N/A
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
CVE-2012-4817 1 Ibm 2 Aix, Vios 2021-08-31 5.0 MEDIUM N/A
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-0281 1 Ibm 2 Aix, Vios 2021-08-31 4.3 MEDIUM 3.7 LOW
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
CVE-2016-0266 1 Ibm 2 Aix, Vios 2021-08-31 4.3 MEDIUM 3.7 LOW
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2014-0930 1 Ibm 2 Aix, Vios 2021-08-31 4.7 MEDIUM N/A
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
CVE-2014-3977 1 Ibm 2 Aix, Vios 2021-08-31 6.9 MEDIUM N/A
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
CVE-2016-6079 1 Ibm 2 Aix, Vios 2021-08-31 7.2 HIGH 7.8 HIGH
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.
CVE-2014-3074 1 Ibm 2 Aix, Vios 2021-08-31 7.2 HIGH N/A
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
CVE-2020-4829 1 Ibm 2 Aix, Vios 2021-08-31 7.2 HIGH 7.8 HIGH
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
CVE-2012-2200 1 Ibm 2 Aix, Vios 2021-08-31 7.2 HIGH N/A
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
CVE-2012-2192 1 Ibm 2 Aix, Vios 2021-08-31 4.9 MEDIUM N/A
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
CVE-2012-0723 1 Ibm 2 Aix, Vios 2021-08-31 4.9 MEDIUM N/A
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
CVE-2012-4833 1 Ibm 2 Aix, Vios 2021-08-31 2.1 LOW N/A
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
CVE-2012-4845 1 Ibm 2 Aix, Vios 2021-08-31 6.8 MEDIUM N/A
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
CVE-2021-29704 1 Ibm 1 Resilient Security Orchestration Automation And Response 2021-08-26 5.0 MEDIUM 7.5 HIGH
IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2021-29802 1 Ibm 1 Resilient Security Orchestration Automation And Response 2021-08-26 5.0 MEDIUM 7.5 HIGH
IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
CVE-2020-4992 1 Ibm 1 Datapower Gateway 2021-08-24 4.3 MEDIUM 6.5 MEDIUM
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737.