AIX Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
IBM SECURITY ADVISORY First Issued: Tue Mar 17 15:13:56 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory13.asc Security Bulletin: AIX Perl is vulnerable to a null pointer dereference CVE-2026-24515 and an integer...
CVE-2025-33112
IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input...
AIX is vulnerable to arbitrary command execution due to Perl (CVE-2025-33112)
IBM SECURITY ADVISORY First Issued: Tue Jun 10 08:28:43 CDT 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/perladvisory9.asc Security Bulletin: AIX is vulnerable to arbitrary command execution due to Perl CVE-2025-33112...
Security Bulletin: AIX is vulnerable to a privilege escalation vulnerability (CVE-2022-34356)
Summary UPDATED Oct 10 Added iFixes with the correct prereqs for VIOS 3.1.2.30 and 3.1.2.40: A vulnerability in the AIX kernel could allow a non-privileged local user to obtain root privileges CVE-2022-34356. Vulnerability Details CVEID:CVE-2022-34356 DESCRIPTION: IBM AIX could allow a...
AIX : Multiple Vulnerabilities (IJ53923)
The version of AIX installed on the remote host is prior to APAR IJ53923. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ53923 advisory. - IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due...
AIX : Multiple Vulnerabilities (IJ53757) (deprecated)
The vendor has closed the APAR as a program error. Disabled on 2026/02/12. Advisory states "Closed as program error" and "Removed security issue."...
AIX : Multiple Vulnerabilities (IJ53929)
The version of AIX installed on the remote host is prior to APAR IJ53929. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ53929 advisory. - IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due...
AIX is vulnerable to arbitrary command execution (CVE-2024-56346 CVE-2024-56347)
IBM SECURITY ADVISORY First Issued: Tue Mar 18 10:46:14 CDT 2025 |Updated: Thu Apr 10 09:01:49 CDT 2025 |Update: The included README was updated for clarity. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/nimadvisory.asc Security...
Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2024-25062)
Summary Vulnerability in libxml2 could allow a remote attacker to cause a denial of service CVE-2024-25062. AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details CVEID:CVE-2024-25062 DESCRIPTION: An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. Whe...
AIX is vulnerable to a denial of service (CVE-2024-2398) and security restrictions bypass (CVE-2024-2466 CVE-2024-2004) due to cURL libcurl
IBM SECURITY ADVISORY First Issued: Thu Aug 22 15:50:03 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory6.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2024-2398 and security restrictions bypas...
Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-6387) due to OpenSSH
Summary Vulnerability in AIX's OpenSSH could allow a remote attacker to execute arbitrary code CVE-2024-6387. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a...
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl CVE-2024-0853...
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2024-27260. Vulnerability Details CVEID:CVE-2024-27260 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...
AIX (IJ50428)
The version of AIX installed on the remote host is prior to APAR IJ50428. It is, therefore, affected by a vulnerability as referenced in the IJ50428 advisory. - sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...
AIX (IJ50433)
The version of AIX installed on the remote host is prior to APAR IJ50433. It is, therefore, affected by a vulnerability as referenced in the IJ50433 advisory. - sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to...
AIX (IJ50635)
The version of AIX installed on the remote host is prior to APAR IJ50635. It is, therefore, affected by a vulnerability as referenced in the IJ50635 advisory. - An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and...
AIX (IJ50934)
The version of AIX installed on the remote host is prior to APAR IJ50934. It is, therefore, affected by a vulnerability as referenced in the IJ50934 advisory. - IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Un...
AIX (IJ50935)
The version of AIX installed on the remote host is prior to APAR IJ50935. It is, therefore, affected by a vulnerability as referenced in the IJ50935 advisory. - IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Un...
AIX (IJ50827)
The version of AIX installed on the remote host is prior to APAR IJ50827. It is, therefore, affected by a vulnerability as referenced in the IJ50827 advisory. - An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and...