620 matches found
AIX is affected by a denial of service (CVE-2024-0397) and information disclosure (CVE-2024-4032 CVE-2024-37891) due to Python
IBM SECURITY ADVISORY First Issued: Tue Sep 17 16:13:13 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory12.asc Security Bulletin: AIX is affected by a denial of service CVE-2024-0397 and information disclosure...
AIX is vulnerable to a denial of service (CVE-2024-2511 CVE-2024-0727) due to OpenSSL
IBM SECURITY ADVISORY First Issued: Tue Jul 16 15:22:01 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/openssladvisory41.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2024-2511, CVE-2024-0727 due to OpenS...
Security Bulletin: AIX is vulnerable to arbitrary code execution (CVE-2024-6387) due to OpenSSH
Summary Vulnerability in AIX's OpenSSH could allow a remote attacker to execute arbitrary code CVE-2024-6387. OpenSSH is used by AIX for remote login. Vulnerability Details CVEID:CVE-2024-6387 DESCRIPTION: OpenSSH could allow a remote attacker to execute arbitrary code on the system, caused by a...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-21085 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to...
CVE-2024-27260
IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985...
CVE-2024-27260
IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985...
CVE-2024-27260
CVE-2024-27260 : IBM AIX and VIOS are affected by a vulnerability in the invscout command that could allow a non-privileged local user to execute arbitrary commands. Affected products/versions: AIX 7.2 and 7.3; VIOS 3.1 and 4.1 (invscout.rte 2.2.0.0–2.2.0.26). Root cause is the invscout component...
Security Bulletin: AIX is vulnerable to arbitrary command execution due to invscout (CVE-2024-27260)
Summary A vulnerability in the AIX invscout command could allow a non-privileged local user to execute arbitrary commands CVE-2024-27260. Vulnerability Details CVEID:CVE-2024-27260 DESCRIPTION: IBM AIX could allow a non-privileged local user to exploit a vulnerability in the invscout command to...
PT-2024-21778 · Ibm · Vios +1
Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 through 7.3 VIOS versions 3.1 through 4.1 Description: A vulnerability in the invscout command allows a non-privileged local user to execute arbitrary commands. This issue poses a high risk and could be exploited by...
CVE-2024-27273
IBM AIX's Unix domain AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1 datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903...
Security Bulletin: AIX is vulnerable to privilege escalation (CVE-2024-27273)
Summary Vulnerability in the AIX kernel may lead to privilege escalation CVE-2024-27273. Vulnerability Details CVEID:CVE-2024-27273 DESCRIPTION: IBM AIX's Unix domain datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SOPEERID operation an...
PT-2024-21786 · Ibm · Vios +1
Name of the Vulnerable Software and Affected Versions: IBM AIX versions 7.2 through 7.3 VIOS versions 3.1 through 4.1 Description: The Unix domain datagram socket implementation in IBM AIX could potentially expose applications using Unix domain datagram sockets with the SO PEERID operation, which...
AIX is vulnerable to arbitrary code execution due to RPM (CVE-2023-7104)
IBM SECURITY ADVISORY First Issued: Wed Apr 24 15:34:58 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/rpmadvisory2.asc Security Bulletin: AIX is vulnerable to arbitrary code execution due to RPM CVE-2023-7104...
Security Bulletin: AIX is vulnerable to privilege escalation and denial of service (CVE-2023-45166, CVE-2023-45174, CVE-2023-45170)
Summary UPDATED Feb 2 2024 New iFixes are available. The new iFixes resolve a technical issue with print queue status. Both sets of iFixes new and original resolve the security vulnerabilities described in the bulletin. The new iFixes are only needed if you experience the technical issue describe...
Security Bulletin: AIX is vulnerable to email spoofing due to sendmail (CVE-2023-51765)
Summary Vulnerability in sendmail could allow a remote attacker to spoof an email CVE-2023-51765. Vulnerability Details CVEID:CVE-2023-51765 DESCRIPTION: Proofpoint sendmail is vulnerable to SMTP smuggling, caused by improper handling of line endings . in an email message. By sending a specially...
IBM AIX/VIOS Command Execution Vulnerability
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. A command execution vulnerability exists in IBM AIX version 7.3, VIOS version 4.1, which stems from Perl's failure to properly filter construct command special...
Multiple vulnerabilities in IBM Java SDK affect AIX
IBM SECURITY ADVISORY First Issued: Thu Mar 7 15:16:48 CST 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/javafeb2024advisory.asc Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX...
CVE-2024-25021
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320...
Code injection
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320...
CVE-2024-25021
CVE-2024-25021 affects IBM AIX 7.3 and VIOS 4.1 where Perl's runtime could allow a non-privileged local user to execute arbitrary commands. Affected fileset: perl.rte (levels 5.34.0.0–5.34.1.5); remediation recommends perl.rte.5.34.1.6 on AIX 7.3 TL1+ and VIOS 4.1, with an OpenSSL 3.0 dependency....