18 matches found
AIX is vulnerable to a denial of service (CVE-2025-9086) due to cURL libcurl
IBM SECURITY ADVISORY First Issued: Wed Dec 10 16:31:39 CST 2025 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curladvisory8.asc Security Bulletin: AIX is vulnerable to a denial of service CVE-2025-9086 due to cURL libcurl...
AIX is affected by a denial of service due to Python (CVE-2024-0450)
IBM SECURITY ADVISORY First Issued: Mon Jun 24 15:07:51 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory10.asc Security Bulletin: AIX is affected by a denial of service due to Python CVE-2024-0450...
AIX 7.1 TL 5 : bind (IJ40617)
https://vulners.com/cve/CVE-2021-25220 https://vulners.com/cve/CVE-2021-25220 ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when using DNS forwarders. An attacker could exploit this vulnerability to poison the cache with incorrect records leading to...
AIX (IJ41706)
The version of AIX installed on the remote host is prior to APAR IJ41706. It is, therefore, affected by a vulnerability as referenced in the IJ41706 advisory. - IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root...
AIX is affected by arbitrary code execution and denial of service due to Python
IBM SECURITY ADVISORY First Issued: Tue Nov 1 10:11:15 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/pythonadvisory2.asc https://aix.software.ibm.com/aix/efixes/security/pythonadvisory2.asc...
AIX (IJ36593)
The version of AIX installed on the remote host is prior to APAR IJ36593. It is, therefore, affected by a vulnerability as referenced in the IJ36593 advisory. - IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cau...
AIX 7.1 TL 3 : sysproc (IV91488)
https://vulners.com/cve/CVE-2016-8944 https://vulners.com/cve/CVE-2016-8944 IBM AIX allows a local user to open a file with a specially crafted argument that would crash the system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was extracted from AIX Security...
AIX 7.2 TL 0 : bind (IV89831) (deprecated)
https://vulners.com/cve/CVE-2016-2776 https://vulners.com/cve/CVE-2016-2776 ISC BIND is vulnerable to a denial of service, caused by an assertion failure in buffer.c while a nameserver is building responses to a specifically constructed request. By sending a specially crafted DNS packet, a remote...
AIX 7.1 TL 2 : ntp (IV74262)
Network Time Protocol NTP Project NTP daemon ntpd is vulnerable to a denial of service, caused by an error when using symmetric key authentication. By sending specially-crafted packets to both peering hosts, an attacker could exploit this vulnerability to prevent synchronization. %NASLMINLEVEL...
AIX 5.3 TL 12 : bind9 (IV68997)
CVE-2014-8500 ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service memory consumption and named crash via a large or infinite number of referrals. Please see following for more...
AIX NAS Advisory : nas_advisory2.asc
The version of the Network Authentication Service NAS installed on the remote AIX host is affected by a vulnerability related to Kerberos 5 which allows authenticated users to retrieve current keys, which can be used to forge tickets. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text ...
AIX 6.1 TL 9 : lvm (IV68099) (deprecated)
The running of lquerylv command with variable DBGCMDLQUERYLV set may allow a local user to gain root privileges. This plugin is deprecated and has been replaced by plugin 81108. %NASLMINLEVEL 999999 C Tenable Network Security, Inc. @DEPRECATED@ The text in the description was extracted from AIX...
AIX 7.1 TL 2 : ptrace (IV58861)
IBM AIX is vulnerable to a denial of service, caused by an error in the ptrace function. A local attacker could exploit this vulnerability to cause a system crash. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was extracted from AIX Security Advisory...
AIX OpenSSH Vulnerability : openssh_advisory3.asc
The mmnewkeysfromblob function in monitorwrap.c in sshd in OpenSSH 6.2 and 6.3, when an AES-GCM cipher is used, does not properly initialize memory for a MAC context data structure, which allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet dat...
AIX 6.1 TL 7 : cmdque (IV47427)
Printer commands mkque and mkquedev are susceptible to buffer overflow by users belonging to the 'printq' group. These commands are owned by 'root' and SUID bit set. The group is set to 'printq'. By default, no users are belong to the 'printq'. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
AIX 5.3 TL 0 : nddstat (IZ17058)
The nddstat family of commands contains an environment variable handling error. A local attacker may exploit this error to execute arbitrary code with root privileges because the commands are setuid root. The following files are vulnerable : /usr/sbin/atmstat /usr/sbin/entstat /usr/sbin/fddistat...
AIX 5.3 TL 0 : errpt (IZ22346)
The errpt command contains a buffer which can overflow. A local attacker may exploit this overflow to execute arbitrary code with root privileges because the command is setuid root. The following files are vulnerable : /usr/bin/errpt. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text ...
AIX 5.3 TL 12 : ftpd (IZ83276)
There is a buffer overflow vulnerability in the ftp server. By issuing an overly long NLST command, an attacker may cause a buffer overflow. The successful exploitation of this vulnerability allows a remote attacker to get the DES encrypted user hashes off the server if FTP is configured to allow...