Security Bulletin: Vulnerabilities in libxml2 (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992) affect AIX
Summary: Vulnerabilities in libxml2 could cause a denial of service (CVE-2026-0989, CVE-2026-0990, CVE-2026-0992). AIX uses libxml2 as part of its XML parsing functions. Vulnerability Details: CVEID: CVE-2026-6732. DESCRIPTION: A flaw was found in libxml2. This vulnerability occurs when the library...
AIX Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)
IBM SECURITY ADVISORY First Issued: Tue Mar 17 15:18:12 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/pythonadvisory18.asc Security Bulletin: AIX Python is vulnerable to a null pointer dereference CVE-2026-24515 and an intege...
Vulnerability in libxml2 (CVE-2025-8732) affects AIX
IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:44:14 CST 2026 |Updated: Fri Mar 13 13:55:04 CDT 2026 |Update: Added iFix information for VIOS 3.1. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/libxml2advisory10.asc Security Bulleti...
CVE-2025-36371
IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are affected by an information disclosure vulnerability in the database plan cache implementation. A user with access to the database plan cache could see information they do not have authority to view...
AIX : Multiple Vulnerabilities (IJ56113)
The version of AIX installed on the remote host is prior to APAR IJ56113. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ56113 advisory. - IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute...
EUVD-2025-29617
Malicious code in bioql PyPI...
CVE-2025-36244
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables...
CVE-2025-36244
CVE-2025-36244 : IBM AIX/VIOS Kerberos vulnerability allowing a local user to write to arbitrary files with root privileges due to improper initialization of critical variables. Affected: AIX 7.2, 7.3; VIOS 3.1, 4.1; vulnerable fileset: krb5.client.rte (1.16.1.0–1.16.1.7). CVSS base score 7.4 (HI...
The vulnerability of the IBM i operating system, related to the disclosure of information through incompatibility, allows an attacker to disclose protected information.
The vulnerability of the IBM i operating system is related to the exposure of information through incompatibility. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the TCP/IP kernel extension in the AIX operating system allows an attacker to cause a service failure.
The vulnerability of the TCP/IP kernel extension in the AIX operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the AIX operating system, related to insufficient validation of input data, allows an attacker to trigger a service failure.
The vulnerability of the AIX operating system is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
PT-2023-30586 · IBM · IBM i +1
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.3 through 7.5; IBM i Db2 Mirror for i versions 7.4 through 7.5. Description: The issue allows clear-text passwords to be left in browser memory, which can be viewed using common browser tools before the memory is garbage...
CVE-2023-45170
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968...
CVE-2023-40686
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain component access to the operating system. IBM...
PT-2023-6768 · IBM · IBM i
Name of the Vulnerable Software and Affected Versions: IBM i versions 7.2 through 7.5. Description: The issue is related to insecure privilege management in the Management Central component of the IBM i operating system. A malicious actor with command line access to the operating system can exploi...
CVE-2023-40375
Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580...
Vulnerabilities fixed in IBM AIX
IBM has fixed vulnerabilities in AIX. The vulnerabilities allow a local, authenticated user to execute arbitrary commands on the system, even those the user is not initially authorized to run. IBM has released updates to fix the vulnerabilities in AIX. For more...
CVE-2022-43849
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170...
IBM AIX Security Vulnerability
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines (IBM) for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unauthorized local attackers to achieve a denial of service via the AIX SMB...
IBM AIX Resource Management Error Vulnerability
IBM AIX is an open standards-based UNIX operating system developed by IBM for the IBM Power architecture. IBM AIX has a denial-of-service vulnerability that stems from inadequate validation of user-supplied input in the product's nimsh daemon and can be exploited by remote attackers to cause a denial of...