400 matches found
CVE-2001-0554
CVE-2001-0554 affects netkit-telnetd (Telnet daemon) on BSD-based systems, via a buffer overflow in in.telnetd/telrcv handling (triggered by certain Telnet options such as AYT). OpenVAS entries describe a remote attacker potentially causing denial of service or gaining remote code execution; at l...
CVE-2014-3566
CVE-2014-3566 (POODLE) affects SSLv3 in AIX and related IBM components. IBM’s advisory (nettcp) states SSLv3 padding oracle vulnerability could allow MITM decryption of SSL sessions. Affected: AIX 6.1/7.1 and VIOS 2.2.x with vulnerable bos.net.tcp.client/server file sets (various lower/upper leve...
CVE-2000-1124
The CVE-2000-1124 entry describes a local privilege-escalation flaw in IBM AIX 4.3.x: a buffer overflow in the piobe command caused by long environmental variables. The affected component is the piobe command on IBM AIX 4.3.x; the underlying issue is a buffer overflow allowing local users to gain...
CVE-1999-0524
CVE-1999-0524 is an ICMP information-disclosure vulnerability where ICMP replies reveal (1) netmask and (2) timestamp to arbitrary hosts. Connected reports link it to multiple products (e.g., Nutanix AHV advisories NXSA‑AHV series and ABB M2M Gateway plugin) and describe the issue as an informati...
CVE-1999-0024
CVE-1999-0024 describes a DNS cache-poisoning flaw in BIND caused by predictable DNS query IDs. The connected sources consistently state DNS cache poisoning via BIND, with related discussions in Red Hat/Security advisories and CERT context. The materials do not provide a concrete patch version or...
CVE-2020-4788
CVE-2020-4788 affects IBM Power9 processors (AIX 7.1, 7.2, and VIOS 3.1) and allows a local attacker to obtain sensitive information from data in the L1 cache under extenuating circumstances. The connected IBM advisory lists remediation through iFixes/APARs: AIX 7.1.5.x (APAR IJ28229 family), AIX...
CVE-1999-0017
CVE-1999-0017 is a documented FTP bounce vulnerability where an FTP server can be abused to connect to arbitrary ports on an attacker-controlled host by exploiting the PORT/PORT-like mechanisms. The core issue is that an FTP server’s data connection handling allows bounce traffic to other hosts (...
CVE-2001-0797
CVE-2001-0797 is a buffer overflow in the System V–derived /bin/login (affecting login/telnetd implementations such as TTYPROMPT) triggered by a large number of arguments, enabling remote arbitrary-command execution. The vulnerability affects various System V based OSes and can be exploited via s...
CVE-2003-0285
CVE-2003-0285 involves IBM AIX 5.2 and earlier shipping Sendmail with three options enabled (promiscuous_relay, accept_unresolvable_domains, accept_unqualified_senders) in sendmail.cf, creating an open mail relay that can be abused for spam. The core issue is a misconfiguration enabling relay fro...
CVE-1999-0038
CVE-1999-0038 describes a buffer overflow in the xlock program that allows local users to execute commands as root. The connected sources (Red Hat CVE entry, PT Security listing, and multiple feeds) corroborate a local-privilege escalation due to a buffer overflow in xlock, but the documents do n...
CVE-2023-26286
CVE-2023-26286 affects IBM AIX and VIOS: AIX 7.1, 7.2, 7.3 and VIOS 3.1 are vulnerable to arbitrary command execution via a flaw in the AIX runtime services library (librts). The IBM advisory IJ45981 and related APARs specify affected filesets and TL/SP ranges, with remediation through APARs IJ45...
CVE-1999-0513
CVE-1999-0513 describes a vulnerability where ICMP messages to broadcast addresses are allowed, enabling a Smurf attack that can cause a denial of service. The primary sources (NVD, Red Hat, and CVE listings) consistently state that the issue involves ICMP traffic to broadcast addresses, resultin...
CVE-2022-22351
The CVE-2022-22351 issue affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged trusted host user can exploit a nimsh daemon vulnerability to cause a denial of service on the nimsh daemon of another trusted host. Affected filesets include bos.sysmgt.nim.client across TLs 7.1.5.x, 7.2....
CVE-2024-56346
Summary of CVE-2024-56346 and related IBM AIX NIM vulnerabilities. The primary issue involves the nimsh/NIM master service on IBM AIX (NIM master) enabling remote code execution due to improper process controls. Affected products/versions per connected advisories: AIX 7.2 and 7.3, and VIOS 3.1 an...
CVE-2023-28528
CVE-2023-28528 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. The vulnerability resides in the invscout command, enabling a non-privileged local user to trigger arbitrary command execution via a set-UID root context (a command-injection weakness). Affected fileset: invscout.rte (2.2.0.0–2.2.0.23). R...
CVE-2021-38995
CVE-2021-38995 affects the IBM AIX kernel on AIX 7.1, 7.2, 7.3 and VIOS 3.1, allowing a non-privileged local user to cause a denial of service. The IBM Security Bulletin (and NVD entry) cite a kernel vulnerability with an impact to availability (DoS) and list affected filesets and TL/SP levels. A...
CVE-1999-0097
The CVE-1999-0097 entry concerns the AIX FTP client, where a malicious FTP server can force execution of shell commands on the client via metacharacters (for example, a pipe). The issue is documented across multiple sources (NVD, CVE list) and is consistent with historical CERT/Red Hat advisories...
CVE-2021-38955
CVE-2021-38955 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1. A local user with elevated privileges can trigger a denial of service due to a file-creation vulnerability in the audit commands. Root cause: issues in the audit component leading to DoS when files are created. Valid exploitation details ar...
CVE-2022-22350
CVE-2022-22350 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged local user can exploit a vulnerability in CAA to cause a denial of service. This is supported by multiple sources (NVD entry and CNVD/CVE records) describing a local-event DoS condition via the CAA kernel; explicit ...
CVE-2021-38994
CVE-2021-38994 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. The IBM Security Bulletin notes a kernel vulnerability exploitable by a non-privileged local user that can cause a denial of service. Affected filesets include bos.mp64 across TLs 7.1.5.x, 7.2.4.x, 7.2.5.x, and 7.3.0.x with corresponding ...
CVE-2024-25021
CVE-2024-25021 affects IBM AIX 7.3 and VIOS 4.1 where Perl's runtime could allow a non-privileged local user to execute arbitrary commands. Affected fileset: perl.rte (levels 5.34.0.0–5.34.1.5); remediation recommends perl.rte.5.34.1.6 on AIX 7.3 TL1+ and VIOS 4.1, with an OpenSSL 3.0 dependency....
CVE-1999-0003
CVE-1999-0003: A buffer overflow in the ToolTalk database server (rpc.ttdbserverd) may allow an attacker to execute arbitrary commands as root. Affected component is ToolTalk’s object database server; exploitation would require access to the vulnerable service. In the provided references, the imp...
CVE-2021-38989
CVE-2021-38989 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged local user could exploit a vulnerability in the AIX kernel (pmsvcs kernel extension) to cause a denial of service. Affected filesets include bos.pmapi.pmsvcs across TLs 7.1.5.0–7.3.0.0 and VIOS 3.1.x. IBM lists APAR...
CVE-2022-43381
CVE-2022-43381 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 via the AIX SMB client. A non-privileged local user can trigger a denial of service by exploiting the SMB client daemon. Affected filesets (smbc.rte) include 7.1.0.0–7.1.302.8 and 7.2.0.0–7.2.302.8; remediation is provided as fixes in smbc...
CVE-2023-40371
CVE-2023-40371 affects IBM AIX 7.2, 7.3 and VIOS 3.1 via OpenSSH, allowing a non-privileged local user to access files outside allowed boundaries due to improper access controls. The IBM advisory (openssh_fix15) lists fixed interim packages: openssh.base (versions 8.1.102.2106 and 9.2.112.2000) w...
CVE-2022-43382
CVE-2022-43382 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. It arises from a vulnerability in the lpd daemon that allows a local user with elevated privileges to cause a denial of service. Affected filesets and AIX levels are listed in the IBM advisory IJ44552/IJ44559/IJ44562/IJ44564 with interim/...
CVE-2023-45167
CVE-2023-45167 affects IBM AIX 7.3 (Python implementation) and VIOS 4.1. A non-privileged local user could cause a denial of service via the Python component, with the root cause tied to the AIX Python stack. IBM’s advisory notes a fix is available (python3.9.base fileset, version 3.9.18.0) and p...
CVE-2022-39164
CVE-2022-39164 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1. A non-privileged local user could exploit a vulnerability in the AIX kernel to cause a denial of service. IBM specifies kernel-level fixes (APARs/IJ fixes) across AIX TLs and VIOS levels; remediation requires installing the appropriate iFix...
CVE-2024-56347
IBM AIX nimsh service SSL/TLS implementations (CVE-2024-56347) affect AIX 7.2 and 7.3 (also VIOS 3.1/4.1). Root cause: improper process controls in nimsh allow remote command execution. Impact is remote, unauthenticated access with high/critical severity in the CVSS vector (network, none/low comp...
CVE-2003-0694
CVE-2003-0694 affects Sendmail 8.12.9, where the prescan function (parsing SMTP headers in parseaddr.c) can be exploited remotely via a buffer overflow to execute arbitrary code. Debian DSA-384 also references CAN-2003-0694 in its two vulnerabilities entry. The available documents confirm affecte...
CVE-2024-27260
CVE-2024-27260 : IBM AIX and VIOS are affected by a vulnerability in the invscout command that could allow a non-privileged local user to execute arbitrary commands. Affected products/versions: AIX 7.2 and 7.3; VIOS 3.1 and 4.1 (invscout.rte 2.2.0.0–2.2.0.26). Root cause is the invscout component...
CVE-2003-0028
Technical details about CVE-2003-0028 are not present in the provided documents. The connected sources reference the CVE in Debian/OpenVAS advisories but do not specify affected products, root cause, versions, impact, or fixes.
CVE-2014-8904
CVE-2014-8904 affects IBM AIX (versions 5.3, 6.1, 7.1) and VIOS 2.2.x. The vulnerability is a local privilege escalation in lquerylv (cmdlvm) where a crafted DBGCMD_LQUERYLV environment variable enables a local user to gain root privileges. Public exploitation exists: exploit code and demonstrati...
CVE-2016-8972
CVE-2016-8972 affects IBM AIX 6.1, 7.1 and 7.2 via the bellmail client, enabling a local user to gain root privileges through a specially crafted command. Root access hinges on insecure permissions around bellmail; APARs IV91006–IV91011 exist. AIX advisories (bellmail_advisory.asc) and exploit re...
CVE-1999-0046
The CVE-1999-0046 entry documents a buffer overflow in the rlogin program triggered by the TERM environment variable. Red Hat/NVD entries confirm a buffer overflow affecting rlogin; no specific vulnerable versions or patches are provided in the supplied sources. Exploitation details, affected pro...
CVE-2021-38988
CVE-2021-38988 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 via the AIX pfcdd kernel extension. A non-privileged local user can cause a denial of service by exploiting a vulnerability in the AIX kernel. The issue is rooted in the pfcdd extension handling of incoming messages, leading to an availabi...
CVE-2024-27273
IBM AIX (AIX 7.2, 7.3, VIOS 3.1, VIOS 4.1) has a privilege-escalation issue in the Unix domain datagram socket implementation when using SO_PEERID, potentially exposing local applications. CVSS indicates LOCAL access, LOW privileges required, with HIGH confidentiality/integrity/availability impac...
CVE-2021-38996
CVE-2021-38996 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. Connected sources indicate a vulnerability in the AIX kernel (and related CAA path) that could allow a non-privileged local user to cause a denial of service. The Nessus/NVD entries reference several APARs (IJ36682, IJ37496, IJ36596, IJ37...
CVE-2025-8732
CVE-2025-8732 affects libxml2 up to 2.14.5, with a vulnerability in xmlParseSGMLCatalog that can trigger uncontrolled recursion during SGML catalog processing. Local attackers are required, and exploit details have circulated publicly; the real-world impact remains debated in some sources. Severa...
CVE-2024-47115
CVE-2024-47115 affects IBM AIX 7.2/7.3 and VIOS 3.1/4.1, due to improper neutralization of input in the invscout component that could allow a local user to execute arbitrary commands. The vulnerable fileset is invscout.rte (AIX) with versions 2.2.0.0–2.2.0.26. IBM’s advisory (invscout_intro) list...
CVE-2021-38993
CVE-2021-38993 – details from IBM advisory Affected products: IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. Affected component: smbcd daemon. Issue: input validation error in smbcd can allow a non-privileged local user to cause a denial of service. Impact: CVSS3.0 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
CVE-2022-39165
CVE-2022-39165 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. It is a local, non-privileged user vulnerability in the CAA component that can cause a denial of service. The IBM security bulletin notes an impact of Availability (A) = High with Privileges Required = None and Local access. AIX/VIOS patc...
CVE-2022-22444
The CVE-2022-22444 issue affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A local user could exploit a vulnerability in the lpd daemon to cause a denial of service. IBM’s advisories (lpd_advisory2.asc) list affected filesets and APARs (e.g., IJ39868, IJ39875, IJ39876, IJ39877, IJ39878) and provide fix...
CVE-2013-4011
CVE-2013-4011 affects IBM AIX 6.1/7.1 (and VIOS 2.2.2.2-FP-26 SP-02) InfiniBand subsystem components, enabling local privilege escalation via vulnerable paths in ibstat and arp.ib. Public references describe local-root escalation through a trusted SUID ibstat-based workflow and list related explo...
CVE-2000-0844
The connected records confirm CVE-2000-0844 affects Unix locale subsystem functions that fail to cleanse user-supplied format strings, enabling local attackers to execute arbitrary commands through gettext, catopen, and related calls. The root cause is improper sanitization of format strings in l...
CVE-2022-43849
CVE-2022-43849 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1 via vulnerability in the AIX pfcdd kernel extension that can allow a non-privileged local user to cause a denial of service. The connected IBM bulletin lists affected filesets and kernel extensions and provides remediation in the form of APA...
CVE-2022-43848
CVE-2022-43848 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non-privileged local user can exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service (availability impact HIGH). The IBM bulletin lists specific APARs and iFixes across kernel, perfstat, pfcdd, NFS, TC...
CVE-1999-0019
Technical details about CVE-1999-0019 are not publicly available in the provided documents. Monitor for official advisories for affected products, impact, and remediation.
CVE-2022-34356
CVE-2022-34356 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A local, non-privileged user could exploit a vulnerability in the AIX kernel to obtain root privileges. The IBM Security Bulletin (kernel_advisory4) confirms the affected products/versions and lists the vulnerable filesets (e.g., bos.mp64...
CVE-2014-3074
The CVE-2014-3074 incident affects IBM AIX 6.1/7.1 (and VIOS 2.2.x) where the runtime linker allows local privilege escalation by manipulating MALLOCOPTIONS/MALLOCBUCKETS and then running a setuid program to create a root-owned 666 file. The root cause is in the malloc subsystem used by the AIX r...