Aix Security Vulnerabilities and Issues — Aix CVE List

Lucene search

IbmAix

30 matches found

CVE•added 1999/09/29 4:0 a.m.•370 views

CVE-1999-0024

DNS cache poisoning via BIND, by predictable query IDs.

5CVSS6.7AI score0.01325EPSS

CVE•added 2020/11/20 4:15 a.m.•309 views

CVE-2020-4788

IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.

5.1CVSS5.7AI score0.00198EPSS

CVE•added 2003/06/16 4:0 a.m.•167 views

CVE-2003-0285

IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.

5CVSS4.4AI score0.01177EPSS

CVE•added 1999/09/29 4:0 a.m.•147 views

CVE-1999-0513

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

5CVSS7.3AI score0.25583EPSS

CVE•added 1999/09/29 4:0 a.m.•76 views

CVE-1999-0019

Delete or create a file via rpc.statd, due to invalid information.

5CVSS7.3AI score0.01078EPSS

CVE•added 1999/09/29 4:0 a.m.•75 views

CVE-1999-0010

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

5CVSS6.8AI score0.02EPSS

CVE•added 1999/09/29 4:0 a.m.•72 views

CVE-1999-0128

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

5CVSS9.2AI score0.15798EPSS

CVE•added 1999/09/29 4:0 a.m.•61 views

CVE-1999-0116

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.

5CVSS6.7AI score0.09037EPSS

CVE•added 1999/09/29 4:0 a.m.•55 views

CVE-1999-0628

The rwho/rwhod service is running, which exposes machine status and user information.

5CVSS7.4AI score0.0061EPSS

CVE•added 2024/12/25 3:15 p.m.•54 views

CVE-2024-52906

IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.

5.5CVSS5.2AI score0.0002EPSS

CVE•added 2024/12/25 3:15 p.m.•52 views

CVE-2024-47102

IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.

5.5CVSS5.2AI score0.00029EPSS

CVE•added 2000/02/04 5:0 a.m.•51 views

CVE-1999-0086

AIX routed allows remote users to modify sensitive files.

5CVSS7.3AI score0.00479EPSS

CVE•added 2000/02/04 5:0 a.m.•50 views

CVE-1999-0345

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.

5CVSS7.3AI score0.00504EPSS

CVE•added 1999/09/29 4:0 a.m.•47 views

CVE-1999-0111

RIP v1 is susceptible to spoofing.

5CVSS6.8AI score0.0061EPSS

CVE•added 1999/09/29 4:0 a.m.•47 views

CVE-1999-0566

An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.

5CVSS6.7AI score0.00504EPSS

CVE•added 2000/07/12 4:0 a.m.•47 views

CVE-2000-0441

Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.

5CVSS7AI score0.00519EPSS

CVE•added 2007/01/10 12:0 a.m.•47 views

CVE-2006-6914

Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.

5CVSS6.3AI score0.00495EPSS

CVE•added 2001/09/12 4:0 a.m.•46 views

CVE-1999-1075

inetd in AIX 4.1.5 dynamically assigns a port N when starting ttdbserver (ToolTalk server), but also inadvertently listens on port N-1 without passing control to ttdbserver, which allows remote attackers to cause a denial of service via a large number of connections to port N-1, which are not prope...

5CVSS7.4AI score0.0079EPSS

CVE•added 2018/06/22 2:29 p.m.•45 views

CVE-2018-1655

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.

5.5CVSS5.2AI score0.00067EPSS

CVE•added 2002/03/09 5:0 a.m.•44 views

CVE-2001-0998

IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.

5CVSS6.8AI score0.00521EPSS

CVE•added 2012/09/14 11:55 p.m.•44 views

CVE-2012-4817

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

5CVSS6.6AI score0.02437EPSS

CVE•added 2005/07/14 4:0 a.m.•42 views

CVE-2001-1554

IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.

5CVSS6.8AI score0.0079EPSS

CVE•added 2004/11/23 5:0 a.m.•42 views

CVE-2004-0243

AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.

5CVSS7.3AI score0.00683EPSS

CVE•added 1999/09/29 4:0 a.m.•40 views

CVE-1999-0087

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

5CVSS7.3AI score0.00562EPSS

CVE•added 2002/10/28 5:0 a.m.•40 views

CVE-2002-1201

IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.

5CVSS6.5AI score0.0133EPSS

CVE•added 2002/10/04 4:0 a.m.•38 views

CVE-2002-1040

Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.

5CVSS7AI score0.00502EPSS

CVE•added 2004/01/20 5:0 a.m.•38 views

CVE-2003-0696

The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).

5CVSS6.8AI score0.00543EPSS

CVE•added 2005/03/26 5:0 a.m.•36 views

CVE-2002-1619

Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).

5CVSS7.1AI score0.01413EPSS

CVE•added 2017/02/15 7:59 p.m.•36 views

CVE-2016-8944

IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

5.5CVSS5.2AI score0.00051EPSS

CVE•added 2002/10/04 4:0 a.m.•33 views

CVE-2002-1041

Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.

5CVSS7AI score0.0061EPSS