Aix Security Vulnerabilities and Issues — Page 3 of Aix CVE List

netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

6.9CVSS6.2AI score0.00048EPSS

CVE•added 2023/01/18 7:15 p.m.•56 views

CVE-2022-47990

IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.

7.8CVSS7.1AI score0.00016EPSS

CVE•added 2023/12/13 11:15 p.m.•56 views

CVE-2023-45170

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.

8.4CVSS7.8AI score0.00033EPSS

CVE•added 1999/09/29 4:0 a.m.•55 views

CVE-1999-0072

Buffer overflow in AIX xdat gives root access to local users.

7.2CVSS7.5AI score0.00071EPSS

CVE•added 1999/09/29 4:0 a.m.•55 views

CVE-1999-0628

The rwho/rwhod service is running, which exposes machine status and user information.

5CVSS7.4AI score0.0061EPSS

CVE•added 2006/06/15 8:0 p.m.•55 views

CVE-1999-1589

Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.

7.2CVSS6.7AI score0.00057EPSS

CVE•added 2009/10/15 10:30 a.m.•55 views

CVE-2009-3699

Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.

10CVSS7.6AI score0.78521EPSS

CVE•added 2021/11/17 2:15 p.m.•55 views

CVE-2021-29861

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.

6.2CVSS5.8AI score0.00108EPSS

CVE•added 1999/09/29 4:0 a.m.•54 views

CVE-1999-0093

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

7.2CVSS6.6AI score0.00067EPSS

CVE•added 1999/09/29 4:0 a.m.•54 views

CVE-1999-0131

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

7.2CVSS6.8AI score0.00096EPSS

CVE•added 2000/01/04 5:0 a.m.•54 views

CVE-1999-0687

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

7.5CVSS7.3AI score0.07295EPSS

CVE•added 2004/08/06 4:0 a.m.•54 views

CVE-2004-0545

LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack.

7.2CVSS6.4AI score0.0005EPSS

CVE•added 2024/12/25 3:15 p.m.•54 views

CVE-2024-52906

IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.

5.5CVSS5.2AI score0.0002EPSS

CVE•added 1999/09/29 4:0 a.m.•53 views

CVE-1999-0090

Buffer overflow in AIX rcp command allows local users to obtain root access.

7.2CVSS7.4AI score0.00071EPSS

CVE•added 1999/09/29 4:0 a.m.•53 views

CVE-1999-0094

AIX piodmgrsu command allows local users to gain additional group privileges.

4.6CVSS7.5AI score0.00081EPSS

CVE•added 2004/09/01 4:0 a.m.•53 views

CVE-2003-0064

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary...

7.5CVSS7.2AI score0.00871EPSS

CVE•added 2014/06/08 11:55 p.m.•53 views

CVE-2014-3977

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

6.9CVSS6AI score0.00223EPSS

CVE•added 2016/08/08 1:59 a.m.•53 views

CVE-2016-0266

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

4.3CVSS3.7AI score0.007EPSS

CVE•added 2000/02/04 5:0 a.m.•52 views

CVE-1999-0088

IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.

10CVSS7.8AI score0.06183EPSS

CVE•added 1999/09/29 4:0 a.m.•52 views

CVE-1999-0113

Some implementations of rlogin allow root access if given a -froot parameter.

10CVSS6.8AI score0.18663EPSS

CVE•added 2005/04/21 4:0 a.m.•52 views

CVE-2000-1216

Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine.

7.2CVSS7.2AI score0.00517EPSS

CVE•added 2012/02/06 8:55 p.m.•52 views

CVE-2012-0194

The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.

7.1CVSS6.3AI score0.01658EPSS

CVE•added 2012/10/20 10:41 a.m.•52 views

CVE-2012-4845

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

6.8CVSS6.1AI score0.00569EPSS

CVE•added 2023/12/22 4:15 p.m.•52 views

CVE-2023-45165

IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963.

6.2CVSS5.4AI score0.00024EPSS

CVE•added 2023/12/13 11:15 p.m.•52 views

CVE-2023-45174

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.

8.4CVSS7.7AI score0.00033EPSS

CVE•added 2024/12/25 3:15 p.m.•52 views

CVE-2024-47102

IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.

5.5CVSS5.2AI score0.00029EPSS

CVE•added 2000/02/04 5:0 a.m.•51 views

CVE-1999-0086

AIX routed allows remote users to modify sensitive files.

5CVSS7.3AI score0.00479EPSS

CVE•added 2000/06/02 4:0 a.m.•51 views

CVE-1999-0118

AIX infod allows local users to gain root access through an X display.

7.2CVSS7.4AI score0.01244EPSS

CVE•added 2001/01/22 5:0 a.m.•51 views

CVE-2000-1120

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

7.2CVSS7.2AI score0.00209EPSS

CVE•added 2009/08/05 7:30 p.m.•51 views

CVE-2009-2669

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permission...

7.2CVSS6.3AI score0.00077EPSS

CVE•added 2021/06/17 4:15 p.m.•51 views

CVE-2021-29706

IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663.

7.1CVSS6.6AI score0.00036EPSS

CVE•added 2001/05/07 4:0 a.m.•50 views

CVE-1999-0115

AIX bugfiler program allows local users to gain root access.

7.2CVSS7.4AI score0.01244EPSS

CVE•added 1999/09/29 4:0 a.m.•50 views

CVE-1999-0129

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

4.6CVSS6.6AI score0.00122EPSS

CVE•added 2000/02/04 5:0 a.m.•50 views

CVE-1999-0345

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

5CVSS7.3AI score0.00504EPSS

CVE•added 2003/04/02 5:0 a.m.•50 views

CVE-2002-0679

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

10CVSS7.9AI score0.70866EPSS

CVE•added 2007/09/10 9:17 p.m.•50 views

CVE-2007-4797

Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.

7.2CVSS6.8AI score0.00051EPSS

CVE•added 2008/02/05 3:0 a.m.•50 views

CVE-2008-0585

sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable permissions for unspecified WebSM Remote Client files, which allows local users to "alter the behavior of" this client by overwriting these files.

6.6CVSS6.3AI score0.00048EPSS

CVE•added 2010/08/30 8:0 p.m.•50 views

CVE-2010-3187

Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.

10CVSS7.8AI score0.79528EPSS

CVE•added 2018/02/13 8:29 p.m.•50 views

CVE-2018-1383

A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.

9.1CVSS8.7AI score0.0054EPSS

CVE•added 2022/01/10 2:10 p.m.•50 views

CVE-2021-38990

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.

8.4CVSS7.3AI score0.00103EPSS

CVE•added 1999/09/29 4:0 a.m.•49 views

CVE-1999-0040

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

7.2CVSS7.9AI score0.003EPSS

CVE•added 1999/09/29 4:0 a.m.•49 views

CVE-1999-0130

Local users can start Sendmail in daemon mode and gain root privileges.

7.2CVSS7AI score0.00886EPSS

CVE•added 2005/07/14 4:0 a.m.•49 views

CVE-2001-1529

Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.

7.5CVSS7AI score0.8072EPSS

CVE•added 2005/04/14 4:0 a.m.•49 views

CVE-2003-0954

Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges.

7.2CVSS7.3AI score0.00075EPSS

CVE•added 2006/02/13 10:2 p.m.•49 views

CVE-2006-0674

Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.

4.6CVSS6.4AI score0.00065EPSS

CVE•added 2009/08/10 11:30 p.m.•49 views

CVE-2009-2727

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-...

9.3CVSS7.8AI score0.7763EPSS

CVE•added 2010/05/20 5:30 p.m.•49 views

CVE-2010-1039

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request con...

10CVSS7.4AI score0.26547EPSS

Total number of security vulnerabilities387