Lucene search
+L

92 matches found

CVE
CVE
added 2014/10/15 12:0 a.m.1048 views

CVE-2014-3566

CVE-2014-3566 (POODLE) affects SSLv3 in AIX and related IBM components. IBM’s advisory (nettcp) states SSLv3 padding oracle vulnerability could allow MITM decryption of SSL sessions. Affected: AIX 6.1/7.1 and VIOS 2.2.x with vulnerable bos.net.tcp.client/server file sets (various lower/upper leve...

4.3CVSS4.4AI score0.99999EPSS
CVE
CVE
added 2020/11/20 3:45 a.m.374 views

CVE-2020-4788

CVE-2020-4788 affects IBM Power9 processors (AIX 7.1, 7.2, and VIOS 3.1) and allows a local attacker to obtain sensitive information from data in the L1 cache under extenuating circumstances. The connected IBM advisory lists remediation through iFixes/APARs: AIX 7.1.5.x (APAR IJ28229 family), AIX...

5.1CVSS5.7AI score0.00387EPSS
CVE
CVE
added 2023/04/26 11:50 a.m.174 views

CVE-2023-26286

CVE-2023-26286 affects IBM AIX and VIOS: AIX 7.1, 7.2, 7.3 and VIOS 3.1 are vulnerable to arbitrary command execution via a flaw in the AIX runtime services library (librts). The IBM advisory IJ45981 and related APARs specify affected filesets and TL/SP ranges, with remediation through APARs IJ45...

8.4CVSS7.7AI score0.00296EPSS
CVE
CVE
added 2022/03/07 4:55 p.m.169 views

CVE-2022-22351

The CVE-2022-22351 issue affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged trusted host user can exploit a nimsh daemon vulnerability to cause a denial of service on the nimsh daemon of another trusted host. Affected filesets include bos.sysmgt.nim.client across TLs 7.1.5.x, 7.2....

8.6CVSS7.9AI score0.01174EPSS
CVE
CVE
added 2023/04/28 2:6 a.m.168 views

CVE-2023-28528

CVE-2023-28528 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. The vulnerability resides in the invscout command, enabling a non-privileged local user to trigger arbitrary command execution via a set-UID root context (a command-injection weakness). Affected fileset: invscout.rte (2.2.0.0–2.2.0.23). R...

8.4CVSS7.8AI score0.01457EPSS
CVE
CVE
added 2022/02/24 5:5 p.m.162 views

CVE-2021-38995

CVE-2021-38995 affects the IBM AIX kernel on AIX 7.1, 7.2, 7.3 and VIOS 3.1, allowing a non-privileged local user to cause a denial of service. The IBM Security Bulletin (and NVD entry) cite a kernel vulnerability with an impact to availability (DoS) and list affected filesets and TL/SP levels. A...

6.2CVSS5AI score0.00233EPSS
CVE
CVE
added 2022/03/01 4:45 p.m.161 views

CVE-2021-38955

CVE-2021-38955 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1. A local user with elevated privileges can trigger a denial of service due to a file-creation vulnerability in the audit commands. Root cause: issues in the audit component leading to DoS when files are created. Valid exploitation details ar...

4.4CVSS4.4AI score0.00211EPSS
CVE
CVE
added 2022/03/02 4:35 p.m.145 views

CVE-2022-22350

CVE-2022-22350 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged local user can exploit a vulnerability in CAA to cause a denial of service. This is supported by multiple sources (NVD entry and CNVD/CVE records) describing a local-event DoS condition via the CAA kernel; explicit ...

6.2CVSS5.1AI score0.00214EPSS
CVE
CVE
added 2022/02/24 5:5 p.m.143 views

CVE-2021-38994

CVE-2021-38994 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. The IBM Security Bulletin notes a kernel vulnerability exploitable by a non-privileged local user that can cause a denial of service. Affected filesets include bos.mp64 across TLs 7.1.5.x, 7.2.4.x, 7.2.5.x, and 7.3.0.x with corresponding ...

6.2CVSS5AI score0.00233EPSS
CVE
CVE
added 2024/02/22 11:39 a.m.135 views

CVE-2024-25021

CVE-2024-25021 affects IBM AIX 7.3 and VIOS 4.1 where Perl's runtime could allow a non-privileged local user to execute arbitrary commands. Affected fileset: perl.rte (levels 5.34.0.0–5.34.1.5); remediation recommends perl.rte.5.34.1.6 on AIX 7.3 TL1+ and VIOS 4.1, with an OpenSSL 3.0 dependency....

8.4CVSS8.2AI score0.00269EPSS
CVE
CVE
added 2022/03/07 4:55 p.m.131 views

CVE-2021-38989

CVE-2021-38989 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged local user could exploit a vulnerability in the AIX kernel (pmsvcs kernel extension) to cause a denial of service. Affected filesets include bos.pmapi.pmsvcs across TLs 7.1.5.0–7.3.0.0 and VIOS 3.1.x. IBM lists APAR...

6.2CVSS5AI score0.00217EPSS
CVE
CVE
added 2022/12/23 6:19 p.m.129 views

CVE-2022-43381

CVE-2022-43381 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 via the AIX SMB client. A non-privileged local user can trigger a denial of service by exploiting the SMB client daemon. Affected filesets (smbc.rte) include 7.1.0.0–7.1.302.8 and 7.2.0.0–7.2.302.8; remediation is provided as fixes in smbc...

6.2CVSS6AI score0.00185EPSS
CVE
CVE
added 2022/12/20 8:11 p.m.127 views

CVE-2022-43382

CVE-2022-43382 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. It arises from a vulnerability in the lpd daemon that allows a local user with elevated privileges to cause a denial of service. Affected filesets and AIX levels are listed in the IBM advisory IJ44552/IJ44559/IJ44562/IJ44564 with interim/...

6.2CVSS5.2AI score0.00179EPSS
CVE
CVE
added 2023/08/24 1:0 p.m.127 views

CVE-2023-40371

CVE-2023-40371 affects IBM AIX 7.2, 7.3 and VIOS 3.1 via OpenSSH, allowing a non-privileged local user to access files outside allowed boundaries due to improper access controls. The IBM advisory (openssh_fix15) lists fixed interim packages: openssh.base (versions 8.1.102.2106 and 9.2.112.2000) w...

6.2CVSS5.8AI score0.00119EPSS
CVE
CVE
added 2023/11/10 3:52 a.m.125 views

CVE-2023-45167

CVE-2023-45167 affects IBM AIX 7.3 (Python implementation) and VIOS 4.1. A non-privileged local user could cause a denial of service via the Python component, with the root cause tied to the AIX Python stack. IBM’s advisory notes a fix is available (python3.9.base fileset, version 3.9.18.0) and p...

6.2CVSS5.7AI score0.00252EPSS
CVE
CVE
added 2022/12/23 7:26 p.m.118 views

CVE-2022-39164

CVE-2022-39164 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1. A non-privileged local user could exploit a vulnerability in the AIX kernel to cause a denial of service. IBM specifies kernel-level fixes (APARs/IJ fixes) across AIX TLs and VIOS levels; remediation requires installing the appropriate iFix...

6.2CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2024/05/16 4:32 p.m.116 views

CVE-2024-27260

CVE-2024-27260 : IBM AIX and VIOS are affected by a vulnerability in the invscout command that could allow a non-privileged local user to execute arbitrary commands. Affected products/versions: AIX 7.2 and 7.3; VIOS 3.1 and 4.1 (invscout.rte 2.2.0.0–2.2.0.26). Root cause is the invscout component...

8.4CVSS7AI score0.0023EPSS
CVE
CVE
added 2015/01/15 10:0 p.m.113 views

CVE-2014-8904

CVE-2014-8904 affects IBM AIX (versions 5.3, 6.1, 7.1) and VIOS 2.2.x. The vulnerability is a local privilege escalation in lquerylv (cmdlvm) where a crafted DBGCMD_LQUERYLV environment variable enables a local user to gain root privileges. Public exploitation exists: exploit code and demonstrati...

7.2CVSS6AI score0.0096EPSS
CVE
CVE
added 2025/08/08 4:32 p.m.113 views

CVE-2025-8732

CVE-2025-8732 affects libxml2 up to 2.14.5, with a vulnerability in xmlParseSGMLCatalog that can trigger uncontrolled recursion during SGML catalog processing. Local attackers are required, and exploit details have circulated publicly; the real-world impact remains debated in some sources. Severa...

4.8CVSS4AI score0.00202EPSS
CVE
CVE
added 2017/02/15 7:0 p.m.111 views

CVE-2016-8972

CVE-2016-8972 affects IBM AIX 6.1, 7.1 and 7.2 via the bellmail client, enabling a local user to gain root privileges through a specially crafted command. Root access hinges on insecure permissions around bellmail; APARs IV91006–IV91011 exist. AIX advisories (bellmail_advisory.asc) and exploit re...

7.8CVSS7.5AI score0.01384EPSS
CVE
CVE
added 2022/03/07 4:55 p.m.111 views

CVE-2021-38988

CVE-2021-38988 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 via the AIX pfcdd kernel extension. A non-privileged local user can cause a denial of service by exploiting a vulnerability in the AIX kernel. The issue is rooted in the pfcdd extension handling of incoming messages, leading to an availabi...

6.2CVSS5AI score0.00217EPSS
CVE
CVE
added 2024/05/07 8:17 p.m.111 views

CVE-2024-27273

IBM AIX (AIX 7.2, 7.3, VIOS 3.1, VIOS 4.1) has a privilege-escalation issue in the Unix domain datagram socket implementation when using SO_PEERID, potentially exposing local applications. CVSS indicates LOCAL access, LOW privileges required, with HIGH confidentiality/integrity/availability impac...

8.1CVSS7.7AI score0.00146EPSS
CVE
CVE
added 2022/03/02 4:35 p.m.109 views

CVE-2021-38996

CVE-2021-38996 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. Connected sources indicate a vulnerability in the AIX kernel (and related CAA path) that could allow a non-privileged local user to cause a denial of service. The Nessus/NVD entries reference several APARs (IJ36682, IJ37496, IJ36596, IJ37...

6.2CVSS5AI score0.00214EPSS
CVE
CVE
added 2022/02/25 6:0 p.m.108 views

CVE-2021-38993

CVE-2021-38993 – details from IBM advisory Affected products: IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. Affected component: smbcd daemon. Issue: input validation error in smbcd can allow a non-privileged local user to cause a denial of service. Impact: CVSS3.0 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

6.2CVSS5.2AI score0.00217EPSS
CVE
CVE
added 2022/12/23 6:48 p.m.108 views

CVE-2022-39165

CVE-2022-39165 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. It is a local, non-privileged user vulnerability in the CAA component that can cause a denial of service. The IBM security bulletin notes an impact of Availability (A) = High with Privileges Required = None and Local access. AIX/VIOS patc...

6.2CVSS5.9AI score0.00185EPSS
CVE
CVE
added 2024/12/07 12:42 p.m.108 views

CVE-2024-47115

CVE-2024-47115 affects IBM AIX 7.2/7.3 and VIOS 3.1/4.1, due to improper neutralization of input in the invscout component that could allow a local user to execute arbitrary commands. The vulnerable fileset is invscout.rte (AIX) with versions 2.2.0.0–2.2.0.26. IBM’s advisory (invscout_intro) list...

7.8CVSS7.9AI score0.00231EPSS
CVE
CVE
added 2022/06/15 3:40 p.m.106 views

CVE-2022-22444

The CVE-2022-22444 issue affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A local user could exploit a vulnerability in the lpd daemon to cause a denial of service. IBM’s advisories (lpd_advisory2.asc) list affected filesets and APARs (e.g., IJ39868, IJ39875, IJ39876, IJ39877, IJ39878) and provide fix...

6.2CVSS5.1AI score0.0023EPSS
CVE
CVE
added 2013/07/18 4:0 p.m.104 views

CVE-2013-4011

CVE-2013-4011 affects IBM AIX 6.1/7.1 (and VIOS 2.2.2.2-FP-26 SP-02) InfiniBand subsystem components, enabling local privilege escalation via vulnerable paths in ibstat and arp.ib. Public references describe local-root escalation through a trusted SUID ibstat-based workflow and list related explo...

7.2CVSS6.4AI score0.02846EPSS
CVE
CVE
added 2022/12/23 7:16 p.m.104 views

CVE-2022-43849

CVE-2022-43849 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1 via vulnerability in the AIX pfcdd kernel extension that can allow a non-privileged local user to cause a denial of service. The connected IBM bulletin lists affected filesets and kernel extensions and provides remediation in the form of APA...

6.2CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2022/09/13 8:45 p.m.103 views

CVE-2022-34356

CVE-2022-34356 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A local, non-privileged user could exploit a vulnerability in the AIX kernel to obtain root privileges. The IBM Security Bulletin (kernel_advisory4) confirms the affected products/versions and lists the vulnerable filesets (e.g., bos.mp64...

8.4CVSS7AI score0.00214EPSS
CVE
CVE
added 2022/12/23 7:6 p.m.102 views

CVE-2022-43848

CVE-2022-43848 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non-privileged local user can exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service (availability impact HIGH). The IBM bulletin lists specific APARs and iFixes across kernel, perfstat, pfcdd, NFS, TC...

6.2CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2014/07/02 10:0 a.m.99 views

CVE-2014-3074

The CVE-2014-3074 incident affects IBM AIX 6.1/7.1 (and VIOS 2.2.x) where the runtime linker allows local privilege escalation by manipulating MALLOCOPTIONS/MALLOCBUCKETS and then running a setuid program to create a root-owned 666 file. The root cause is in the malloc subsystem used by the AIX r...

7.2CVSS5.9AI score0.00576EPSS
CVE
CVE
added 2021/08/02 3:0 p.m.99 views

CVE-2021-29741

CVE-2021-29741 affects IBM AIX 7.1, 7.2 and VIOS 3.1, where a local user could exploit a vulnerability in Korn Shell (ksh) to gain root privileges. Root cause and details are provided by IBM’s ksh advisory: multiple AIX filesets (bos.rte.shell) with vulnerable ksh versions across TLs, and APAR-ba...

8.4CVSS7.3AI score0.00262EPSS
CVE
CVE
added 2023/01/18 6:19 p.m.91 views

CVE-2022-47990

Summary: CVE-2022-47990 affects IBM AIX systems with X11. A non-privileged local user can trigger a buffer overflow in X11, leading to denial of service or arbitrary code execution. The affected products/versions are AIX 7.1, 7.2, 7.3 and VIOS 3.1, with vulnerable X11.base.lib filesets across mul...

7.8CVSS7.1AI score0.0021EPSS
CVE
CVE
added 2017/02/15 7:0 p.m.86 views

CVE-2016-6079

CVE-2016-6079 affects IBM AIX 5.3, 6.1, 7.1 and 7.2 (and VIOS), with a local privilege escalation in the lquerylv component that could grant root privileges to a locally authenticated user. Root cause details are not fully disclosed in the initial description, but IBM AIX Security Advisory lquery...

7.8CVSS7.2AI score0.02485EPSS
CVE
CVE
added 2020/12/10 10:11 p.m.86 views

CVE-2020-4829

IBM AIX and VIOS are affected by CVE-2020-4829 due to a vulnerability in the ksu command. Affected: AIX 7.1, AIX 7.2, VIOS 3.1; vulnerable fileset level includes krb5.client.rte 1.16.1.0–1.16.1.2. Root-cause is exploitation of ksu to gain root privileges via local access. Remediation: available f...

8.4CVSS7.5AI score0.00347EPSS
CVE
CVE
added 2021/08/26 7:25 p.m.86 views

CVE-2021-29727

CVE-2021-29727 involves multiple IBM AIX kernel vulnerabilities that allow a local, non-privileged user to trigger a denial of service by targeting the AIX kernel in AIX 7.1, 7.2 and VIOS 3.1. The IBM bulletin lists three CVEs (CVE-2021-29727, CVE-2021-29801, CVE-2021-29862) affecting the AIX ker...

6.2CVSS5.7AI score0.00228EPSS
CVE
CVE
added 2021/08/26 7:25 p.m.86 views

CVE-2021-29801

CVE-2021-29801 affects IBM AIX 7.1, 7.2 and VIOS 3.1 where a local, non-privileged user can exploit a kernel vulnerability to gain root privileges. IBM’s Security Bulletin and APARs outline affected filesets and TLs (bos.mp64 levels for 7.1/7.2; VIOS 3.1.x), and provide fixes: APAR IJ33318 (7.1.5...

8.4CVSS7.2AI score0.00262EPSS
CVE
CVE
added 2013/07/06 10:0 a.m.85 views

CVE-2013-3005

CVE-2013-3005 affects the IBM AIX 6.1 and 7.1 TFTP client (and VIOS 2.2.2.2-FP-26 SP-02) where, with RBAC enabled, remote authenticated users can bypass file ownership restrictions and read or overwrite arbitrary files via tftp. Connected advisories document this as a client-side TFTP RBAC bypass...

8.5CVSS6AI score0.02961EPSS
CVE
CVE
added 2021/11/17 2:0 p.m.85 views

CVE-2021-29860

CVE-2021-29860 affects IBM AIX 7.1, 7.2 and VIOS 3.1 via a vulnerability in the libc.a library that could allow a non-privileged local user to expose sensitive information. IBM’s Security Bulletin (CVE-2021-29860) lists affected filesets and provides remediation through APARs and interim/fix pack...

6.2CVSS5.8AI score0.00258EPSS
CVE
CVE
added 2022/09/13 8:45 p.m.85 views

CVE-2022-36768

CVE-2022-36768 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a vulnerability in the invscout command could allow a non-privileged local user to obtain root privileges. Affected fileset: invscout.rte (lower 2.2.0.0 – upper 2.2.0.22). Remediation: IBM provides fixes for AIX/VIOS; install the in...

8.4CVSS7.2AI score0.00214EPSS
CVE
CVE
added 2022/12/23 7:32 p.m.85 views

CVE-2022-41290

CVE-2022-41290 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non‑privileged local user could exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. The IBM bulletin lists affected filesets and APARs with available fixes: AIX 7.1.5.x (IJ42230, SP11) and 7.1.5.8–10 interi...

8.4CVSS7.9AI score0.00189EPSS
CVE
CVE
added 2021/08/26 7:25 p.m.83 views

CVE-2021-29862

CVE-2021-29862 affects IBM AIX 7.1, 7.2 and VIOS 3.1. It is described as a local, non-privileged user vulnerability in the AIX kernel that can cause a denial of service. The IBM security bulletin lists multiple APARs and interim fixes to address this family of kernel vulnerabilities (CVE-2021-298...

6.2CVSS5.7AI score0.00228EPSS
CVE
CVE
added 2022/12/23 6:42 p.m.82 views

CVE-2022-40233

CVE-2022-40233 concerns IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non-privileged local user could exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. The IBM Security Bulletin lists vulnerable components and affected filesets across AIX 7.1–7.3 and VIOS 3.1, with ...

6.2CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2009/10/15 10:0 a.m.81 views

CVE-2009-3699

CVE-2009-3699 – AIX rpc.cmsd opcode 21 buffer overflow AIX libcsa.a (calendar daemon library) is vulnerable to a stack-based buffer overflow when handling opcode 21 parameters in rpc.cmsd. Affected products include IBM AIX 5.x up to 5.3.10 and 6.x up to 6.1.3, and VIOS 2.1 and earlier. The flaw a...

10CVSS7.6AI score0.62089EPSS
CVE
CVE
added 2022/12/23 6:35 p.m.81 views

CVE-2022-43380

CVE-2022-43380 relates to IBM AIX 7.1/7.2/7.3 and VIOS 3.1 where a non-privileged local user can trigger a denial of service via exploitation of the AIX NFS kernel extension. The IBM Security Bulletin confirms the root cause is in the NFS kernel extension and lists affected filesets and AIX/VIOS ...

6.2CVSS5.8AI score0.00185EPSS
CVE
CVE
added 2013/06/21 2:0 p.m.79 views

CVE-2013-3035

CVE-2013-3035 affects IBM AIX IPv6 handling in the inet subsystem on AIX 6.1 and 7.1 and VIOS 2.2.2.2-FP-26 SP-02. A crafted IPv6 packet to an IPv6-enabled interface can cause a remote denial of service (system hang). The issue is tied to the INET IPv6 implementation, with Nessus and vendor advis...

7.1CVSS6.2AI score0.03632EPSS
CVE
CVE
added 2026/01/15 2:20 p.m.78 views

CVE-2026-0990

Vulnerability: CVE-2026-0990 affects libxml2. An uncontrolled recursion bug in xmlCatalogXMLResolveURI is triggered when a delegate URI entry references itself, allowing a remote attacker to craft an XML catalog that causes infinite recursion and stack exhaustion, resulting in DoS via application...

5.9CVSS6.3AI score0.00755EPSS
CVE
CVE
added 2021/11/17 2:0 p.m.77 views

CVE-2021-29861

CVE-2021-29861 affects IBM AIX 7.1, 7.2 and VIOS 3.1. A vulnerability in EFS could allow a non‑privileged local user to disclose sensitive information. IBM’s advisory lists affected filesets and versions and provides remediation via APARs and iFixes: AIX 7.1.5.x (APAR IJ35780, IJ35780m7a/m8a/m9a,...

6.2CVSS5.8AI score0.00258EPSS
CVE
CVE
added 2022/01/11 4:25 p.m.77 views

CVE-2021-38991

CVE-2021-38991 (IBM AIX/VIOS lscore vulnerability) A vulnerability in the IBM AIX lscore command (affecting AIX 7.0, 7.1, 7.2 and VIOS 3.1) can be triggered by a non-privileged local user due to an input validation error in lscore. Successful exploitation could lead to code execution with high im...

8.4CVSS7.4AI score0.00271EPSS
Total number of security vulnerabilities92