Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-1246

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Mar, 2006 | 11:00
Updated At-07 Aug, 2024 | 17:03
Rejected At-
Credits

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Mar, 2006 | 11:00
Updated At:07 Aug, 2024 | 17:03
Rejected At:
▼CVE Numbering Authority (CNA)

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1015786
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/0957
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/17115
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/25849
vdb-entry
x_refsource_XF
http://www.osvdb.org/23921
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/25299
vdb-entry
x_refsource_XF
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
vendor-advisory
x_refsource_AIXAPAR
http://attrition.org/pipermail/vim/2006-March/000641.html
mailing-list
x_refsource_VIM
http://secunia.com/advisories/19235
third-party-advisory
x_refsource_SECUNIA
http://www.nsfocus.com/english/homepage/research/0602.htm
x_refsource_MISC
Hyperlink: http://securitytracker.com/id?1015786
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2006/0957
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/17115
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25849
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.osvdb.org/23921
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25299
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://attrition.org/pipermail/vim/2006-March/000641.html
Resource:
mailing-list
x_refsource_VIM
Hyperlink: http://secunia.com/advisories/19235
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.nsfocus.com/english/homepage/research/0602.htm
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://securitytracker.com/id?1015786
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2006/0957
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/17115
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/25849
vdb-entry
x_refsource_XF
x_transferred
http://www.osvdb.org/23921
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/25299
vdb-entry
x_refsource_XF
x_transferred
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://attrition.org/pipermail/vim/2006-March/000641.html
mailing-list
x_refsource_VIM
x_transferred
http://secunia.com/advisories/19235
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.nsfocus.com/english/homepage/research/0602.htm
x_refsource_MISC
x_transferred
Hyperlink: http://securitytracker.com/id?1015786
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/0957
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/17115
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25849
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.osvdb.org/23921
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25299
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://attrition.org/pipermail/vim/2006-March/000641.html
Resource:
mailing-list
x_refsource_VIM
x_transferred
Hyperlink: http://secunia.com/advisories/19235
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.nsfocus.com/english/homepage/research/0602.htm
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Mar, 2006 | 11:02
Updated At:03 Apr, 2025 | 01:03

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
IBM Corporation
ibm
>>aix>>5.3
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://attrition.org/pipermail/vim/2006-March/000641.htmlcve@mitre.org
N/A
http://secunia.com/advisories/19235cve@mitre.org
Patch
Vendor Advisory
http://securitytracker.com/id?1015786cve@mitre.org
N/A
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739cve@mitre.org
N/A
http://www.nsfocus.com/english/homepage/research/0602.htmcve@mitre.org
Patch
Vendor Advisory
http://www.osvdb.org/23921cve@mitre.org
N/A
http://www.securityfocus.com/bid/17115cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/0957cve@mitre.org
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25299cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/25849cve@mitre.org
N/A
http://attrition.org/pipermail/vim/2006-March/000641.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/19235af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://securitytracker.com/id?1015786af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.nsfocus.com/english/homepage/research/0602.htmaf854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.osvdb.org/23921af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/17115af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/0957af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25299af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/25849af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://attrition.org/pipermail/vim/2006-March/000641.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/19235
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1015786
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.nsfocus.com/english/homepage/research/0602.htm
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.osvdb.org/23921
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17115
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/0957
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25299
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25849
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://attrition.org/pipermail/vim/2006-March/000641.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/19235
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://securitytracker.com/id?1015786
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/docview.wss?uid=isg1IY82739
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.nsfocus.com/english/homepage/research/0602.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.osvdb.org/23921
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/17115
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/0957
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25299
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/25849
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

282Records found
CVE-1999-0089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.12%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX libDtSvc library can allow local users to gain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2016-6079
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-2.05% / 83.12%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

Action-Not Available
Vendor-IBM Corporation
Product-viosaixAIX
CVE-2005-2233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.62%
||
7 Day CHG~0.00%
Published-12 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2016-6065
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.49%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumGuardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2001-1330
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 15.86%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2016-2946
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.92%
||
7 Day CHG~0.00%
Published-01 Dec, 2016 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-linux_kerneltivoli_monitoringn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-3060
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.13% / 33.27%
||
7 Day CHG~0.00%
Published-30 Sep, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2016-0263
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7||HIGH
EPSS-0.04% / 10.92%
||
7 Day CHG~0.00%
Published-29 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spectrum_scalegeneral_parallel_file_system_storage_servern/a
CVE-2016-0271
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.04% / 10.13%
||
7 Day CHG~0.00%
Published-08 Jul, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-urbancode_deployn/a
CVE-2016-0328
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.14% / 35.22%
||
7 Day CHG~0.00%
Published-22 Oct, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_guardium_database_activity_monitorn/a
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2016-0230
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.08% / 24.27%
||
7 Day CHG~0.00%
Published-07 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 through 7.9.0 SP3, 8.1 through 8.1.0 SP3, 8.2 through 8.2.0 SP2, 8.3 through 8.3.0 SP2, 8.4 through 8.4.0 SP1, and 8.5.0 allows physically proximate attackers to obtain root access via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-hardware_management_consolen/a
CVE-2016-0235
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.2||HIGH
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 21:00
Updated-05 Aug, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Database Activity Monitor 10 allows local users to have unspecified impact by leveraging administrator access to a hardcoded password, related to use on GRUB systems. IBM X-Force ID: 110326.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_guardium_database_activity_monitorn/a
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2015-0197
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.28% / 51.31%
||
7 Day CHG~0.00%
Published-24 Mar, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-general_parallel_file_systemn/a
CVE-2015-0179
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.69% / 70.91%
||
7 Day CHG~0.00%
Published-06 Apr, 2015 | 00:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.

Action-Not Available
Vendor-n/aIBM Corporation
Product-dominon/a
CVE-2021-29672
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.05% / 15.28%
||
7 Day CHG~0.00%
Published-26 Apr, 2021 | 16:30
Updated-17 Sep, 2024 | 01:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_for_space_managementspectrum_protect_clientSpectrum Protect for Space Management
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-29801
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 7.95%
||
7 Day CHG~0.00%
Published-26 Aug, 2021 | 19:25
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2021-29741
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 10.29%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 15:00
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2021-29740
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.07% / 22.73%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 14:05
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Scale 5.0.0 through 5.0.5.6 and 5.1.0 through 5.1.0.3 system core component is affected by a format string security vulnerability. An attacker could execute arbitrary code in the context of process memory, potentially escalating their system privileges and taking control over the entire system with root access. IBM X-Force ID: 201474.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_scaleSpectrum Scale
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2004-2312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.32% / 54.21%
||
7 Day CHG~0.00%
Published-16 Aug, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2003-0759
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.15% / 36.84%
||
7 Day CHG~0.00%
Published-19 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CVE-2010-3895
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 59.55%
||
7 Day CHG~0.00%
Published-12 Nov, 2010 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-omnifindn/a
CVE-2015-7818
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.45%
||
7 Day CHG~0.00%
Published-12 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file.

Action-Not Available
Vendor-n/aLenovo Group LimitedIBM Corporation
Product-switch_centersystem_networking_switch_centern/a
CVE-2009-4362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 14.05%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-16 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-5043
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.05% / 13.45%
||
7 Day CHG~0.00%
Published-08 Nov, 2015 | 22:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences.

Action-Not Available
Vendor-n/aIBM Corporation
Product-security_guardiumn/a
CVE-2015-1897
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.92%
||
7 Day CHG~0.00%
Published-15 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1900
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.06% / 17.04%
||
7 Day CHG~0.00%
Published-29 Jun, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelinfosphere_datastagen/a
CVE-2015-2023
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.49%
||
7 Day CHG~0.00%
Published-02 Jan, 2016 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM CorporationMicrosoft Corporation
Product-windowsi_accessn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-1898
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.62%
||
7 Day CHG~0.00%
Published-15 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_fastbackn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1998
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.8||HIGH
EPSS-0.04% / 8.74%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere MQ 8.0.0.0 through 9.1.1 could allow a local user to inject code that could be executed with root privileges. This is due to an incomplete fix for CVE-2018-1792. IBM X-ForceID: 154887.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_mqMQ
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2003-0758
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.15% / 36.48%
||
7 Day CHG~0.00%
Published-19 Sep, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CVE-2021-29707
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 16:00
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.

Action-Not Available
Vendor-IBM Corporation
Product-hardware_management_consolePower HMC
CVE-2020-4688
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.14% / 34.45%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 15:00
Updated-16 Sep, 2024 | 23:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium 10.6 and 11.2 could allow a local attacker to execute arbitrary commands on the system as an unprivileged user, caused by command injection vulnerability. IBM X-Force ID: 186700.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelsecurity_guardiumSecurity Guardium
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found