Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-2669

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Aug, 2009 | 19:00
Updated At-07 Aug, 2024 | 05:59
Rejected At-
Credits

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Aug, 2009 | 19:00
Updated At:07 Aug, 2024 | 05:59
Rejected At:
▼CVE Numbering Authority (CNA)

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
vendor-advisory
x_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
vendor-advisory
x_refsource_AIXAPAR
http://secunia.com/advisories/36156
third-party-advisory
x_refsource_SECUNIA
http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
vendor-advisory
x_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
vendor-advisory
x_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
vendor-advisory
x_refsource_AIXAPAR
http://www.securityfocus.com/bid/35934
vdb-entry
x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
vendor-advisory
x_refsource_AIXAPAR
http://www.vupen.com/english/advisories/2009/2151
vdb-entry
x_refsource_VUPEN
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
third-party-advisory
x_refsource_IDEFENSE
http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://secunia.com/advisories/36156
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.securityfocus.com/bid/35934
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.vupen.com/english/advisories/2009/2151
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
Resource:
third-party-advisory
x_refsource_IDEFENSE
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
Resource:
vendor-advisory
x_refsource_AIXAPAR
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://secunia.com/advisories/36156
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.securityfocus.com/bid/35934
vdb-entry
x_refsource_BID
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.vupen.com/english/advisories/2009/2151
vdb-entry
x_refsource_VUPEN
x_transferred
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
third-party-advisory
x_refsource_IDEFENSE
x_transferred
http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://secunia.com/advisories/36156
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35934
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2151
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
Resource:
third-party-advisory
x_refsource_IDEFENSE
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Aug, 2009 | 19:30
Updated At:23 Apr, 2026 | 00:35

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

IBM Corporation
ibm
>>aix>>5.3
cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>aix>>6.1
cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asccve@mitre.org
Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815cve@mitre.org
N/A
http://secunia.com/advisories/36156cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ54090cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ54091cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ54593cve@mitre.org
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ56203cve@mitre.org
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56204cve@mitre.org
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56205cve@mitre.org
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56206cve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35934cve@mitre.org
Patch
http://www.vupen.com/english/advisories/2009/2151cve@mitre.org
N/A
http://aix.software.ibm.com/aix/efixes/security/libC_advisory.ascaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/36156af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ54090af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ54091af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ54593af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=isg1IZ56203af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56204af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56205af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=isg1IZ56206af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35934af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.vupen.com/english/advisories/2009/2151af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/36156
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/35934
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://www.vupen.com/english/advisories/2009/2151
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/36156
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54090
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54091
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ54593
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56203
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56204
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56205
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=isg1IZ56206
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/35934
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.vupen.com/english/advisories/2009/2151
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

282Records found

CVE-1999-0118
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.70% / 48.54%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

AIX infod allows local users to gain root access through an X display.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2014-0907
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.66% / 46.99%
||
7 Day CHG~0.00%
Published-30 May, 2014 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CVE-2004-2312
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.06% / 60.35%
||
7 Day CHG~0.00%
Published-16 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2013-5467
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.84% / 53.54%
||
7 Day CHG~0.00%
Published-29 Aug, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-monitoring_agent_for_unix_logslinux_kernelmonitoring_server_\(ms\)_and_shared_libraries_\(ax\)n/a
CVE-2013-5416
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.32% / 24.10%
||
7 Day CHG~0.00%
Published-18 Dec, 2013 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-rational_clearcasen/a
CVE-2013-2964
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.36%
||
7 Day CHG~0.00%
Published-04 Oct, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-3475
Matching Score-8
Assigner-Flexera Software LLC
ShareView Details
Matching Score-8
Assigner-Flexera Software LLC
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.70%
||
7 Day CHG~0.00%
Published-05 Jun, 2013 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-smart_analytics_system_7600db2db2_connectn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-0536
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.11%
||
7 Day CHG~0.00%
Published-21 Jun, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_inoteslotus_notes_travelerlotus_notesn/a
CVE-2012-5951
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.85%
||
7 Day CHG~0.00%
Published-26 Dec, 2012 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.

Action-Not Available
Vendor-n/aIBM Corporation
Product-z\/ostivoli_netviewn/a
CVE-2012-5938
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 31.39%
||
7 Day CHG~0.00%
Published-20 Mar, 2013 | 14:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.

Action-Not Available
Vendor-conectivan/aIBM CorporationNovell
Product-infosphere_information_serverunixwarelinuxn/a
CVE-2002-0086
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.49%
||
7 Day CHG~0.00%
Published-07 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CVE-2007-0978
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.41%
||
7 Day CHG~0.00%
Published-16 Feb, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2001-1330
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.43% / 34.97%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2012-4859
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.33% / 25.39%
||
7 Day CHG~0.00%
Published-21 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-tivoli_storage_manager_for_space_managementn/a
CVE-2004-2131
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.43% / 69.68%
||
7 Day CHG~0.00%
Published-27 May, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-informix_dynamic_serverinformix_extended_parallel_servern/a
CVE-2005-0263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.07% / 60.64%
||
7 Day CHG~0.00%
Published-10 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0852
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 26.77%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_application_servern/a
CVE-1999-1013
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.47% / 37.57%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0122
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.10% / 61.66%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX lchangelv gives root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0023
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.78% / 51.27%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Action-Not Available
Vendor-scoinetbsdin/aFreeBSD FoundationSun Microsystems (Oracle Corporation)IBM Corporation
Product-tcp_ipopenserversunosbsd_osinetinternet_faststartfreebsdaixunixwareopen_desktopn/a
CVE-2012-2188
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 26.67%
||
7 Day CHG~0.00%
Published-06 Aug, 2012 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.

Action-Not Available
Vendor-n/aIBM Corporation
Product-power_hardware_management_console_firmwaresystems_director_management__console_firmwaren/a
CVE-2012-1796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.34% / 25.76%
||
7 Day CHG~0.00%
Published-20 Mar, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aIBM CorporationSun Microsystems (Oracle Corporation)Linux Kernel Organization, IncHP Inc.
Product-hp-uxsunosdb2aixlinux_kerneln/a
CVE-2011-3123
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.36% / 28.42%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-infosphere_information_serverinfosphere_datastagelinux_kerneln/a
CVE-2011-1520
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.47% / 37.59%
||
7 Day CHG~0.00%
Published-25 Mar, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CWE ID-CWE-287
Improper Authentication
CVE-2011-1223
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 31.31%
||
7 Day CHG~0.00%
Published-17 Jul, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationIBM Corporation
Product-windowstivoli_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1222
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 31.31%
||
7 Day CHG~0.00%
Published-17 Jul, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows and AIX allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationIBM Corporation
Product-aixwindowstivoli_storage_managern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-3895
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.78% / 51.48%
||
7 Day CHG~0.00%
Published-12 Nov, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-omnifindn/a
CVE-2010-4604
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.94% / 56.51%
||
7 Day CHG~0.00%
Published-29 Dec, 2010 | 17:27
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.2.10, and 6.1.x before 6.1.3.1 on Unix and Linux allows local users to gain privileges by specifying a long LANG environment variable, and then sending a request over a pipe.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-linux_kerneltivoli_storage_managern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2010-3733
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.31% / 22.44%
||
7 Day CHG~0.00%
Published-05 Oct, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CVE-2019-4088
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.53% / 40.81%
||
7 Day CHG~0.00%
Published-02 Jul, 2019 | 15:05
Updated-17 Sep, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511.

Action-Not Available
Vendor-IBM Corporation
Product-spectrum_protect_operations_centerSpectrum Protect
CVE-2019-4447
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.45% / 36.02%
||
7 Day CHG~0.00%
Published-26 Aug, 2019 | 14:40
Updated-16 Sep, 2024 | 19:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2_high_performance_unload_loadlinux_kernelDB2 High Performance Unload load for LUW
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2005-3060
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.52% / 40.54%
||
7 Day CHG~0.00%
Published-30 Sep, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2010-1347
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 27.33%
||
7 Day CHG~0.00%
Published-12 Apr, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.

Action-Not Available
Vendor-n/aIBM CorporationLinux Kernel Organization, Inc
Product-aixlinux_kerneldirector_agentn/a
CVE-2021-29707
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.30% / 22.30%
||
7 Day CHG~0.00%
Published-19 Jul, 2021 | 16:00
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM HMC (Hardware Management Console) V9.1.910.0 and V9.2.950.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 200879.

Action-Not Available
Vendor-IBM Corporation
Product-hardware_management_consolePower HMC
CVE-2005-2237
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 30.48%
||
7 Day CHG~0.00%
Published-12 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2022-22454
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.35% / 26.90%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 15:45
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-aixinfosphere_information_server_on_cloudlinux_kernelwindowsInfoSphere Information Server
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-29741
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.26% / 17.56%
||
7 Day CHG~0.00%
Published-02 Aug, 2021 | 15:00
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.

Action-Not Available
Vendor-IBM Corporation
Product-aixviosVIOSAIX
CVE-2009-4362
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 27.26%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-4361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 27.26%
||
7 Day CHG~0.00%
Published-21 Dec, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2009-3516
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.54%
||
7 Day CHG~0.00%
Published-01 Oct, 2009 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2009-1355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.29%
||
7 Day CHG~0.00%
Published-21 Apr, 2009 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1714
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 26.84%
||
7 Day CHG~0.00%
Published-13 Feb, 2018 | 20:00
Updated-17 Sep, 2024 | 02:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.

Action-Not Available
Vendor-IBM Corporation
Product-notesclient_application_accessNotesClient Application Access
CVE-2009-0439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.20%
||
7 Day CHG~0.00%
Published-24 Feb, 2009 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands.

Action-Not Available
Vendor-n/aIBM Corporation
Product-websphere_mqn/a
CVE-2005-0240
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 30.92%
||
7 Day CHG~0.00%
Published-07 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2004-1329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-3.27% / 86.91%
||
7 Day CHG~0.00%
Published-06 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-1710
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.33% / 25.26%
||
7 Day CHG~0.00%
Published-09 Apr, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-1593
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.64%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-1596
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 31.01%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-1601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 30.84%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1599
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.97%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found