Aix Security Vulnerabilities and Issues — Page 2 of Aix CVE List

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

7.8CVSS7.5AI score0.00627EPSS

CVE•added 2023/11/10 4:15 a.m.•76 views

CVE-2023-45167

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.

6.2CVSS5.7AI score0.00014EPSS

CVE•added 1999/09/29 4:0 a.m.•74 views

CVE-1999-0018

Buffer overflow in statd allows root privileges.

10CVSS7.7AI score0.10302EPSS

CVE•added 1999/09/29 4:0 a.m.•72 views

CVE-1999-0128

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

5CVSS9.2AI score0.15798EPSS

CVE•added 2003/10/06 4:0 a.m.•72 views

CVE-2003-0681

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences.

7.5CVSS6.8AI score0.12435EPSS

CVE•added 1999/09/29 4:0 a.m.•71 views

CVE-1999-0138

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

7.2CVSS7.4AI score0.00095EPSS

CVE•added 1999/09/29 4:0 a.m.•69 views

CVE-1999-0023

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

7.2CVSS8AI score0.00705EPSS

CVE•added 2021/08/26 8:15 p.m.•69 views

CVE-2021-29801

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.

8.4CVSS7.2AI score0.00034EPSS

CVE•added 2022/12/23 7:15 p.m.•69 views

CVE-2022-43380

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.

6.2CVSS5.8AI score0.00016EPSS

CVE•added 2002/07/23 4:0 a.m.•68 views

CVE-2002-0677

CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

7.5CVSS6.8AI score0.19026EPSS

CVE•added 2017/02/01 8:59 p.m.•68 views

CVE-2016-3053

IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.

7.8CVSS7.2AI score0.03041EPSS

CVE•added 2000/02/04 5:0 a.m.•67 views

CVE-1999-0078

pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call.

1.9CVSS7.3AI score0.00139EPSS

CVE•added 2001/12/06 5:0 a.m.•67 views

CVE-2001-0671

Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.

10CVSS6.8AI score0.05644EPSS

CVE•added 2020/12/10 11:15 p.m.•67 views

CVE-2020-4829

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.

8.4CVSS7.5AI score0.00038EPSS

CVE•added 2022/12/23 7:15 p.m.•67 views

CVE-2022-40233

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.

6.2CVSS5.8AI score0.00025EPSS

CVE•added 2022/12/23 8:15 p.m.•67 views

CVE-2022-41290

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.

8.4CVSS7.9AI score0.00021EPSS

CVE•added 2013/07/06 1:57 p.m.•66 views

CVE-2013-3005

The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.

8.5CVSS6AI score0.01244EPSS

CVE•added 1999/09/29 4:0 a.m.•65 views

CVE-1999-0014

Unauthorized privileged access or denial of service via dtappgather program in CDE.

7.2CVSS7.4AI score0.0086EPSS

CVE•added 2021/08/26 8:15 p.m.•65 views

CVE-2021-29862

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.

6.2CVSS5.7AI score0.00041EPSS

CVE•added 2005/02/07 5:0 a.m.•64 views

CVE-2005-0156

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

2.1CVSS7AI score0.00386EPSS

CVE•added 2009/05/26 3:30 p.m.•64 views

CVE-2009-1786

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable.

6.9CVSS6.1AI score0.00159EPSS

CVE•added 2021/11/17 2:15 p.m.•64 views

CVE-2021-29860

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.

6.2CVSS5.8AI score0.00108EPSS

CVE•added 1999/09/29 4:0 a.m.•63 views

CVE-1999-0064

Buffer overflow in AIX lquerylv program gives root access to local users.

7.2CVSS7.5AI score0.00284EPSS

CVE•added 2005/01/06 5:0 a.m.•63 views

CVE-2004-1329

Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.

7.2CVSS7.2AI score0.00424EPSS

CVE•added 2013/06/21 2:55 p.m.•63 views

CVE-2013-3035

The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.

7.1CVSS6.2AI score0.06657EPSS

CVE•added 1999/09/29 4:0 a.m.•62 views

CVE-1999-0208

rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

10CVSS7.1AI score0.60187EPSS

CVE•added 2017/02/15 7:59 p.m.•62 views

CVE-2016-6079

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

7.8CVSS7.2AI score0.02047EPSS

CVE•added 2022/01/11 5:15 p.m.•62 views

CVE-2021-38991

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.

8.4CVSS7.4AI score0.00081EPSS

CVE•added 1999/09/29 4:0 a.m.•61 views

CVE-1999-0022

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

7.8CVSS7.4AI score0.00254EPSS

CVE•added 1999/09/29 4:0 a.m.•61 views

CVE-1999-0042

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

10CVSS7.1AI score0.05486EPSS

CVE•added 1999/09/29 4:0 a.m.•61 views

CVE-1999-0116

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.

5CVSS6.7AI score0.09037EPSS

CVE•added 2003/04/02 5:0 a.m.•61 views

CVE-2002-0678

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

7.2CVSS6.2AI score0.0043EPSS

CVE•added 2017/02/02 10:59 p.m.•61 views

CVE-2017-1093

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.

7.8CVSS7.4AI score0.00047EPSS

CVE•added 2008/06/02 9:30 p.m.•60 views

CVE-2008-2513

Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.

7.2CVSS6.9AI score0.00107EPSS

CVE•added 2001/05/07 4:0 a.m.•59 views

CVE-2000-1119

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

4.6CVSS7.3AI score0.00126EPSS

CVE•added 2014/05/08 10:55 a.m.•59 views

CVE-2014-0930

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

4.7CVSS5.7AI score0.00112EPSS

CVE•added 2021/08/26 8:15 p.m.•59 views

CVE-2021-29727

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.

6.2CVSS5.7AI score0.00037EPSS

CVE•added 2023/12/13 11:15 p.m.•59 views

CVE-2023-45166

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.

8.4CVSS7.5AI score0.00024EPSS

CVE•added 2003/12/15 5:0 a.m.•58 views

CVE-2003-0914

ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

4.3CVSS6.2AI score0.19846EPSS

CVE•added 2022/09/13 9:15 p.m.•58 views

CVE-2022-36768

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014.

8.4CVSS7.2AI score0.00029EPSS

CVE•added 1999/09/29 4:0 a.m.•57 views

CVE-1999-0048

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

10CVSS8.3AI score0.01283EPSS

CVE•added 1999/09/29 4:0 a.m.•57 views

CVE-1999-0085

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

7.5CVSS8.7AI score0.04745EPSS

CVE•added 2004/05/04 4:0 a.m.•57 views

CVE-2004-0368

Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.

10CVSS7.3AI score0.54074EPSS

CVE•added 2005/07/12 4:0 a.m.•57 views

CVE-2005-2236

Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.

7.2CVSS7.7AI score0.00608EPSS

CVE•added 2012/06/22 10:24 a.m.•57 views

CVE-2012-2179

libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

6.9CVSS5.8AI score0.00223EPSS

CVE•added 2024/01/11 2:15 a.m.•57 views

CVE-2023-45175

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.

6.2CVSS5AI score0.00017EPSS

CVE•added 1999/09/29 4:0 a.m.•56 views

CVE-1999-0041

Buffer overflow in NLS (Natural Language Service).

7.5CVSS7.7AI score0.07175EPSS

Total number of security vulnerabilities387