Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-0907

Summary
Assigner-ibm
Assigner Org ID-9a959283-ebb5-44b6-b705-dcc2bbced522
Published At-30 May, 2014 | 23:00
Updated At-06 Aug, 2024 | 09:27
Rejected At-
Credits

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:ibm
Assigner Org ID:9a959283-ebb5-44b6-b705-dcc2bbced522
Published At:30 May, 2014 | 23:00
Updated At:06 Aug, 2024 | 09:27
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://seclists.org/fulldisclosure/2014/Jun/7
mailing-list
x_refsource_FULLDISC
http://www-304.ibm.com/support/docview.wss?uid=swg21676135
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
vendor-advisory
x_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=swg1IT00686
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21672100
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
x_refsource_CONFIRM
http://secunia.com/advisories/59463
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
x_refsource_CONFIRM
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
x_refsource_CONFIRM
http://www.securitytracker.com/id/1030670
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/67617
vdb-entry
x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
vendor-advisory
x_refsource_AIXAPAR
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg21680454
x_refsource_CONFIRM
http://www.securitytracker.com/id/1030671
vdb-entry
x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
vdb-entry
x_refsource_XF
http://secunia.com/advisories/60482
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/59451
third-party-advisory
x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
vendor-advisory
x_refsource_AIXAPAR
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
vendor-advisory
x_refsource_AIXAPAR
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/7
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www-304.ibm.com/support/docview.wss?uid=swg21676135
Resource:
x_refsource_CONFIRM
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IT00686
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21672100
Resource:
x_refsource_CONFIRM
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/59463
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21610582#4
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1030670
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.securityfocus.com/bid/67617
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Resource:
x_refsource_MISC
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680454
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1030671
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/60482
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/59451
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
Resource:
x_refsource_MISC
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
Resource:
vendor-advisory
x_refsource_AIXAPAR
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://seclists.org/fulldisclosure/2014/Jun/7
mailing-list
x_refsource_FULLDISC
x_transferred
http://www-304.ibm.com/support/docview.wss?uid=swg21676135
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg1IT00686
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21672100
x_refsource_CONFIRM
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=isg400001843
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/59463
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=isg400001841
x_refsource_CONFIRM
x_transferred
http://www.ibm.com/support/docview.wss?uid=swg21610582#4
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1030670
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/67617
vdb-entry
x_refsource_BID
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
vendor-advisory
x_refsource_AIXAPAR
x_transferred
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
x_refsource_MISC
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg21680454
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1030671
vdb-entry
x_refsource_SECTRACK
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/60482
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/59451
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
x_refsource_MISC
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/7
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www-304.ibm.com/support/docview.wss?uid=swg21676135
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IT00686
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21672100
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/59463
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21610582#4
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1030670
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.securityfocus.com/bid/67617
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680454
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1030671
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/60482
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/59451
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@us.ibm.com
Published At:30 May, 2014 | 23:55
Updated At:06 May, 2026 | 22:30

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.2HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 7.2
Base severity: HIGH
Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CPE Matches

IBM Corporation
ibm
>>db2>>9.5
cpe:2.3:a:ibm:db2:9.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7
cpe:2.3:a:ibm:db2:9.7:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.1
cpe:2.3:a:ibm:db2:9.7.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.2
cpe:2.3:a:ibm:db2:9.7.0.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.3
cpe:2.3:a:ibm:db2:9.7.0.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.4
cpe:2.3:a:ibm:db2:9.7.0.4:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.5
cpe:2.3:a:ibm:db2:9.7.0.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.6
cpe:2.3:a:ibm:db2:9.7.0.6:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.7
cpe:2.3:a:ibm:db2:9.7.0.7:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.8
cpe:2.3:a:ibm:db2:9.7.0.8:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>9.7.0.9
cpe:2.3:a:ibm:db2:9.7.0.9:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.1
cpe:2.3:a:ibm:db2:10.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.1.0.1
cpe:2.3:a:ibm:db2:10.1.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.1.0.2
cpe:2.3:a:ibm:db2:10.1.0.2:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.1.0.3
cpe:2.3:a:ibm:db2:10.1.0.3:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.5
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.5.0.1
cpe:2.3:a:ibm:db2:10.5.0.1:*:*:*:*:*:*:*
IBM Corporation
ibm
>>db2>>10.5.0.2
cpe:2.3:a:ibm:db2:10.5.0.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Per http://cwe.mitre.org/data/definitions/426.html "CWE-426: Untrusted Search Path"
Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.htmlpsirt@us.ibm.com
N/A
http://seclists.org/fulldisclosure/2014/Jun/7psirt@us.ibm.com
N/A
http://secunia.com/advisories/59451psirt@us.ibm.com
N/A
http://secunia.com/advisories/59463psirt@us.ibm.com
N/A
http://secunia.com/advisories/60482psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001841psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001843psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687psirt@us.ibm.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21680454psirt@us.ibm.com
N/A
http://www-304.ibm.com/support/docview.wss?uid=swg21676135psirt@us.ibm.com
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IT00686psirt@us.ibm.com
N/A
http://www.ibm.com/support/docview.wss?uid=swg21610582#4psirt@us.ibm.com
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21672100psirt@us.ibm.com
Vendor Advisory
http://www.securityfocus.com/bid/67617psirt@us.ibm.com
N/A
http://www.securitytracker.com/id/1030670psirt@us.ibm.com
N/A
http://www.securitytracker.com/id/1030671psirt@us.ibm.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869psirt@us.ibm.com
N/A
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/psirt@us.ibm.com
N/A
http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2014/Jun/7af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/59451af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/59463af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/60482af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001841af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=isg400001843af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21680454af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-304.ibm.com/support/docview.wss?uid=swg21676135af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=swg1IT00686af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ibm.com/support/docview.wss?uid=swg21610582#4af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21672100af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/bid/67617af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1030670af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1030671af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/91869af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/7
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/59451
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/59463
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/60482
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680454
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www-304.ibm.com/support/docview.wss?uid=swg21676135
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IT00686
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21610582#4
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21672100
Source: psirt@us.ibm.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/67617
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030670
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030671
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Source: psirt@us.ibm.com
Resource: N/A
Hyperlink: http://packetstormsecurity.com/files/126940/IBM-DB2-Privilege-Escalation.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2014/Jun/7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59451
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/59463
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/60482
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001841
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=isg400001843
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00627
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00684
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00685
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00686
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg1IT00687
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=swg21680454
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-304.ibm.com/support/docview.wss?uid=swg21676135
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg1IT00686
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21610582#4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.ibm.com/support/docview.wss?uid=swg21672100
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/67617
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030670
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030671
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/91869
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-0907/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

282Records found

CVE-2008-2513
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.62%
||
7 Day CHG~0.00%
Published-02 Jun, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-1600
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.97%
||
7 Day CHG~0.00%
Published-31 Mar, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2004-1028
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.45% / 35.99%
||
7 Day CHG~0.00%
Published-22 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-0584
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.41%
||
7 Day CHG~0.00%
Published-05 Feb, 2008 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) swap, (2) swapoff, and (3) swapon programs.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2008-0586
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.29%
||
7 Day CHG~0.00%
Published-05 Feb, 2008 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors related to the (1) lchangevg, (2) ldeletepv, (3) putlvodm, (4) lvaryoffvg, and (5) lvgenminor programs in bos.rte.lvm; and the (6) tellclvmd program in bos.clvm.enh.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-0368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.33% / 25.24%
||
7 Day CHG~0.00%
Published-18 Jan, 2008 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-informix_dynamic_servern/a
CVE-2007-6050
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.32% / 23.88%
||
7 Day CHG~0.00%
Published-20 Nov, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."

Action-Not Available
Vendor-unixn/aIBM CorporationMicrosoft CorporationLinux Kernel Organization, Inc
Product-windowslinux_kernelunixdb2_universal_databasen/a
CVE-2001-0533
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 32.39%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2007-5764
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.52% / 40.17%
||
7 Day CHG~0.00%
Published-25 Jan, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0544
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.22% / 65.08%
||
7 Day CHG~0.00%
Published-10 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2007-4791
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 30.84%
||
7 Day CHG~0.00%
Published-10 Sep, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4217
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.66%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4621
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.41%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4622
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.33% / 25.24%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2007-4355
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.41%
||
7 Day CHG~0.00%
Published-15 Aug, 2007 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2007-4623
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.51% / 39.87%
||
7 Day CHG~0.00%
Published-05 Nov, 2007 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-1999-0089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.67%
||
7 Day CHG~0.00%
Published-04 Feb, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX libDtSvc library can allow local users to gain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2003-1050
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.39% / 69.04%
||
7 Day CHG~0.00%
Published-20 Aug, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CVE-2003-0697
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.35% / 27.06%
||
7 Day CHG~0.00%
Published-23 Sep, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2007-1087
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.53% / 40.64%
||
7 Day CHG~0.00%
Published-23 Feb, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-4864
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.35%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1798
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.45% / 36.34%
||
7 Day CHG~0.00%
Published-02 Apr, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2007-1086
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.20%
||
7 Day CHG~0.00%
Published-23 Feb, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."

Action-Not Available
Vendor-n/aIBM CorporationSun Microsystems (Oracle Corporation)Linux Kernel Organization, IncHP Inc.Microsoft Corporation
Product-hp-uxwindows_xpsolarisaixdb2_universal_databaselinux_kerneln/a
CVE-2002-1548
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 33.41%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2005-2233
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.73%
||
7 Day CHG~0.00%
Published-12 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2006-5818
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.47% / 37.17%
||
7 Day CHG~0.00%
Published-08 Nov, 2006 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CVE-2006-4416
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 32.21%
||
7 Day CHG~0.00%
Published-28 Aug, 2006 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2016-5985
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.42% / 33.93%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow when Journal-Based Backup is enabled. A local attacker could overflow a buffer and execute arbitrary code on the system or cause a system crash.

Action-Not Available
Vendor-IBM Corporation
Product-aixtivoli_storage_managerTivoli Storage Manager
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-5006
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.48% / 38.28%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2016-6065
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 30.00%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Database Activity Monitor appliance could allow a local user to inject commands that would be executed as root.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardiumGuardium
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2006-5009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.44% / 35.35%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2006-4522
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 31.60%
||
7 Day CHG~0.00%
Published-01 Sep, 2006 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2006-5003
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.78%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2006-5011
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.39% / 31.36%
||
7 Day CHG~0.00%
Published-27 Sep, 2006 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2006-2647
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.40% / 31.51%
||
7 Day CHG~0.00%
Published-30 May, 2006 | 10:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2012-2200
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.00%
||
7 Day CHG~0.00%
Published-27 Jun, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

Action-Not Available
Vendor-n/aIBM Corporation
Product-viosaixn/a
CVE-2013-4011
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-7.2||HIGH
EPSS-2.85% / 84.98%
||
7 Day CHG~0.00%
Published-18 Jul, 2013 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixviosn/a
CVE-2006-1246
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.45% / 35.80%
||
7 Day CHG~0.00%
Published-17 Mar, 2006 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2005-4863
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.35%
||
7 Day CHG~0.00%
Published-06 Oct, 2007 | 21:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.

Action-Not Available
Vendor-n/aIBM Corporation
Product-db2_universal_databasen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-4068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.37% / 29.04%
||
7 Day CHG~0.00%
Published-08 Dec, 2005 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2005-4271
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.49% / 38.73%
||
7 Day CHG~0.00%
Published-15 Dec, 2005 | 22:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-1552
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.32% / 23.62%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0130
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.05% / 60.26%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Local users can start Sendmail in daemon mode and gain root privileges.

Action-Not Available
Vendor-eric_allmanbsdin/aHP Inc.IBM CorporationFreeBSD FoundationRed Hat, Inc.The MITRE Corporation (Caldera)
Product-linuxsendmailbsd_osfreebsdhp-uxaixnetwork_desktopn/a
CVE-2005-3749
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.38% / 29.83%
||
7 Day CHG~0.00%
Published-22 Nov, 2005 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0091
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.67%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-1999-0072
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.41% / 32.67%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in AIX xdat gives root access to local users.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2018-1980
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.53% / 40.69%
||
7 Day CHG~0.00%
Published-11 Mar, 2019 | 22:00
Updated-17 Sep, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2 for Linux, UNIX and Windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-1936
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.51% / 39.61%
||
7 Day CHG~0.00%
Published-03 Apr, 2019 | 13:50
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.

Action-Not Available
Vendor-IBM CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowsdb2linux_kernelDB2Db2
CWE ID-CWE-787
Out-of-bounds Write
CVE-2005-2236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-1.07% / 60.86%
||
7 Day CHG+0.04%
Published-12 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.

Action-Not Available
Vendor-n/aIBM Corporation
Product-aixn/a
CVE-2018-1903
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.39% / 30.71%
||
7 Day CHG~0.00%
Published-10 Apr, 2019 | 14:30
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, and 6.0.0 could allow a user with restricted sudo access on a system to manipulate CD UNIX to gain full sudo access. IBM X-Force ID: 152532.

Action-Not Available
Vendor-IBM Corporation
Product-sterling_connect\Sterling Connect:Direct for UNIX
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found