92 matches found
CVE-2014-3566
CVE-2014-3566 (POODLE) affects SSLv3 in AIX and related IBM components. IBM’s advisory (nettcp) states SSLv3 padding oracle vulnerability could allow MITM decryption of SSL sessions. Affected: AIX 6.1/7.1 and VIOS 2.2.x with vulnerable bos.net.tcp.client/server file sets (various lower/upper leve...
CVE-2020-4788
CVE-2020-4788 affects IBM Power9 processors (AIX 7.1, 7.2, and VIOS 3.1) and allows a local attacker to obtain sensitive information from data in the L1 cache under extenuating circumstances. The connected IBM advisory lists remediation through iFixes/APARs: AIX 7.1.5.x (APAR IJ28229 family), AIX...
CVE-2023-26286
CVE-2023-26286 affects IBM AIX and VIOS: AIX 7.1, 7.2, 7.3 and VIOS 3.1 are vulnerable to arbitrary command execution via a flaw in the AIX runtime services library (librts). The IBM advisory IJ45981 and related APARs specify affected filesets and TL/SP ranges, with remediation through APARs IJ45...
CVE-2022-22351
The CVE-2022-22351 issue affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged trusted host user can exploit a nimsh daemon vulnerability to cause a denial of service on the nimsh daemon of another trusted host. Affected filesets include bos.sysmgt.nim.client across TLs 7.1.5.x, 7.2....
CVE-2023-28528
CVE-2023-28528 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. The vulnerability resides in the invscout command, enabling a non-privileged local user to trigger arbitrary command execution via a set-UID root context (a command-injection weakness). Affected fileset: invscout.rte (2.2.0.0–2.2.0.23). R...
CVE-2021-38995
CVE-2021-38995 affects the IBM AIX kernel on AIX 7.1, 7.2, 7.3 and VIOS 3.1, allowing a non-privileged local user to cause a denial of service. The IBM Security Bulletin (and NVD entry) cite a kernel vulnerability with an impact to availability (DoS) and list affected filesets and TL/SP levels. A...
CVE-2021-38955
CVE-2021-38955 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1. A local user with elevated privileges can trigger a denial of service due to a file-creation vulnerability in the audit commands. Root cause: issues in the audit component leading to DoS when files are created. Valid exploitation details ar...
CVE-2022-22350
CVE-2022-22350 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged local user can exploit a vulnerability in CAA to cause a denial of service. This is supported by multiple sources (NVD entry and CNVD/CVE records) describing a local-event DoS condition via the CAA kernel; explicit ...
CVE-2021-38994
CVE-2021-38994 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. The IBM Security Bulletin notes a kernel vulnerability exploitable by a non-privileged local user that can cause a denial of service. Affected filesets include bos.mp64 across TLs 7.1.5.x, 7.2.4.x, 7.2.5.x, and 7.3.0.x with corresponding ...
CVE-2024-25021
CVE-2024-25021 affects IBM AIX 7.3 and VIOS 4.1 where Perl's runtime could allow a non-privileged local user to execute arbitrary commands. Affected fileset: perl.rte (levels 5.34.0.0–5.34.1.5); remediation recommends perl.rte.5.34.1.6 on AIX 7.3 TL1+ and VIOS 4.1, with an OpenSSL 3.0 dependency....
CVE-2021-38989
CVE-2021-38989 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a non-privileged local user could exploit a vulnerability in the AIX kernel (pmsvcs kernel extension) to cause a denial of service. Affected filesets include bos.pmapi.pmsvcs across TLs 7.1.5.0–7.3.0.0 and VIOS 3.1.x. IBM lists APAR...
CVE-2022-43381
CVE-2022-43381 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 via the AIX SMB client. A non-privileged local user can trigger a denial of service by exploiting the SMB client daemon. Affected filesets (smbc.rte) include 7.1.0.0–7.1.302.8 and 7.2.0.0–7.2.302.8; remediation is provided as fixes in smbc...
CVE-2022-43382
CVE-2022-43382 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. It arises from a vulnerability in the lpd daemon that allows a local user with elevated privileges to cause a denial of service. Affected filesets and AIX levels are listed in the IBM advisory IJ44552/IJ44559/IJ44562/IJ44564 with interim/...
CVE-2023-40371
CVE-2023-40371 affects IBM AIX 7.2, 7.3 and VIOS 3.1 via OpenSSH, allowing a non-privileged local user to access files outside allowed boundaries due to improper access controls. The IBM advisory (openssh_fix15) lists fixed interim packages: openssh.base (versions 8.1.102.2106 and 9.2.112.2000) w...
CVE-2023-45167
CVE-2023-45167 affects IBM AIX 7.3 (Python implementation) and VIOS 4.1. A non-privileged local user could cause a denial of service via the Python component, with the root cause tied to the AIX Python stack. IBM’s advisory notes a fix is available (python3.9.base fileset, version 3.9.18.0) and p...
CVE-2022-39164
CVE-2022-39164 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1. A non-privileged local user could exploit a vulnerability in the AIX kernel to cause a denial of service. IBM specifies kernel-level fixes (APARs/IJ fixes) across AIX TLs and VIOS levels; remediation requires installing the appropriate iFix...
CVE-2024-27260
CVE-2024-27260 : IBM AIX and VIOS are affected by a vulnerability in the invscout command that could allow a non-privileged local user to execute arbitrary commands. Affected products/versions: AIX 7.2 and 7.3; VIOS 3.1 and 4.1 (invscout.rte 2.2.0.0–2.2.0.26). Root cause is the invscout component...
CVE-2014-8904
CVE-2014-8904 affects IBM AIX (versions 5.3, 6.1, 7.1) and VIOS 2.2.x. The vulnerability is a local privilege escalation in lquerylv (cmdlvm) where a crafted DBGCMD_LQUERYLV environment variable enables a local user to gain root privileges. Public exploitation exists: exploit code and demonstrati...
CVE-2025-8732
CVE-2025-8732 affects libxml2 up to 2.14.5, with a vulnerability in xmlParseSGMLCatalog that can trigger uncontrolled recursion during SGML catalog processing. Local attackers are required, and exploit details have circulated publicly; the real-world impact remains debated in some sources. Severa...
CVE-2016-8972
CVE-2016-8972 affects IBM AIX 6.1, 7.1 and 7.2 via the bellmail client, enabling a local user to gain root privileges through a specially crafted command. Root access hinges on insecure permissions around bellmail; APARs IV91006–IV91011 exist. AIX advisories (bellmail_advisory.asc) and exploit re...
CVE-2021-38988
CVE-2021-38988 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 via the AIX pfcdd kernel extension. A non-privileged local user can cause a denial of service by exploiting a vulnerability in the AIX kernel. The issue is rooted in the pfcdd extension handling of incoming messages, leading to an availabi...
CVE-2024-27273
IBM AIX (AIX 7.2, 7.3, VIOS 3.1, VIOS 4.1) has a privilege-escalation issue in the Unix domain datagram socket implementation when using SO_PEERID, potentially exposing local applications. CVSS indicates LOCAL access, LOW privileges required, with HIGH confidentiality/integrity/availability impac...
CVE-2021-38996
CVE-2021-38996 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. Connected sources indicate a vulnerability in the AIX kernel (and related CAA path) that could allow a non-privileged local user to cause a denial of service. The Nessus/NVD entries reference several APARs (IJ36682, IJ37496, IJ36596, IJ37...
CVE-2021-38993
CVE-2021-38993 – details from IBM advisory Affected products: IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. Affected component: smbcd daemon. Issue: input validation error in smbcd can allow a non-privileged local user to cause a denial of service. Impact: CVSS3.0 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...
CVE-2022-39165
CVE-2022-39165 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. It is a local, non-privileged user vulnerability in the CAA component that can cause a denial of service. The IBM security bulletin notes an impact of Availability (A) = High with Privileges Required = None and Local access. AIX/VIOS patc...
CVE-2024-47115
CVE-2024-47115 affects IBM AIX 7.2/7.3 and VIOS 3.1/4.1, due to improper neutralization of input in the invscout component that could allow a local user to execute arbitrary commands. The vulnerable fileset is invscout.rte (AIX) with versions 2.2.0.0–2.2.0.26. IBM’s advisory (invscout_intro) list...
CVE-2022-22444
The CVE-2022-22444 issue affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A local user could exploit a vulnerability in the lpd daemon to cause a denial of service. IBM’s advisories (lpd_advisory2.asc) list affected filesets and APARs (e.g., IJ39868, IJ39875, IJ39876, IJ39877, IJ39878) and provide fix...
CVE-2013-4011
CVE-2013-4011 affects IBM AIX 6.1/7.1 (and VIOS 2.2.2.2-FP-26 SP-02) InfiniBand subsystem components, enabling local privilege escalation via vulnerable paths in ibstat and arp.ib. Public references describe local-root escalation through a trusted SUID ibstat-based workflow and list related explo...
CVE-2022-43849
CVE-2022-43849 affects IBM AIX 7.1/7.2/7.3 and VIOS 3.1 via vulnerability in the AIX pfcdd kernel extension that can allow a non-privileged local user to cause a denial of service. The connected IBM bulletin lists affected filesets and kernel extensions and provides remediation in the form of APA...
CVE-2022-34356
CVE-2022-34356 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A local, non-privileged user could exploit a vulnerability in the AIX kernel to obtain root privileges. The IBM Security Bulletin (kernel_advisory4) confirms the affected products/versions and lists the vulnerable filesets (e.g., bos.mp64...
CVE-2022-43848
CVE-2022-43848 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non-privileged local user can exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service (availability impact HIGH). The IBM bulletin lists specific APARs and iFixes across kernel, perfstat, pfcdd, NFS, TC...
CVE-2014-3074
The CVE-2014-3074 incident affects IBM AIX 6.1/7.1 (and VIOS 2.2.x) where the runtime linker allows local privilege escalation by manipulating MALLOCOPTIONS/MALLOCBUCKETS and then running a setuid program to create a root-owned 666 file. The root cause is in the malloc subsystem used by the AIX r...
CVE-2021-29741
CVE-2021-29741 affects IBM AIX 7.1, 7.2 and VIOS 3.1, where a local user could exploit a vulnerability in Korn Shell (ksh) to gain root privileges. Root cause and details are provided by IBM’s ksh advisory: multiple AIX filesets (bos.rte.shell) with vulnerable ksh versions across TLs, and APAR-ba...
CVE-2022-47990
Summary: CVE-2022-47990 affects IBM AIX systems with X11. A non-privileged local user can trigger a buffer overflow in X11, leading to denial of service or arbitrary code execution. The affected products/versions are AIX 7.1, 7.2, 7.3 and VIOS 3.1, with vulnerable X11.base.lib filesets across mul...
CVE-2016-6079
CVE-2016-6079 affects IBM AIX 5.3, 6.1, 7.1 and 7.2 (and VIOS), with a local privilege escalation in the lquerylv component that could grant root privileges to a locally authenticated user. Root cause details are not fully disclosed in the initial description, but IBM AIX Security Advisory lquery...
CVE-2020-4829
IBM AIX and VIOS are affected by CVE-2020-4829 due to a vulnerability in the ksu command. Affected: AIX 7.1, AIX 7.2, VIOS 3.1; vulnerable fileset level includes krb5.client.rte 1.16.1.0–1.16.1.2. Root-cause is exploitation of ksu to gain root privileges via local access. Remediation: available f...
CVE-2021-29727
CVE-2021-29727 involves multiple IBM AIX kernel vulnerabilities that allow a local, non-privileged user to trigger a denial of service by targeting the AIX kernel in AIX 7.1, 7.2 and VIOS 3.1. The IBM bulletin lists three CVEs (CVE-2021-29727, CVE-2021-29801, CVE-2021-29862) affecting the AIX ker...
CVE-2021-29801
CVE-2021-29801 affects IBM AIX 7.1, 7.2 and VIOS 3.1 where a local, non-privileged user can exploit a kernel vulnerability to gain root privileges. IBM’s Security Bulletin and APARs outline affected filesets and TLs (bos.mp64 levels for 7.1/7.2; VIOS 3.1.x), and provide fixes: APAR IJ33318 (7.1.5...
CVE-2013-3005
CVE-2013-3005 affects the IBM AIX 6.1 and 7.1 TFTP client (and VIOS 2.2.2.2-FP-26 SP-02) where, with RBAC enabled, remote authenticated users can bypass file ownership restrictions and read or overwrite arbitrary files via tftp. Connected advisories document this as a client-side TFTP RBAC bypass...
CVE-2021-29860
CVE-2021-29860 affects IBM AIX 7.1, 7.2 and VIOS 3.1 via a vulnerability in the libc.a library that could allow a non-privileged local user to expose sensitive information. IBM’s Security Bulletin (CVE-2021-29860) lists affected filesets and provides remediation through APARs and interim/fix pack...
CVE-2022-36768
CVE-2022-36768 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1, where a vulnerability in the invscout command could allow a non-privileged local user to obtain root privileges. Affected fileset: invscout.rte (lower 2.2.0.0 – upper 2.2.0.22). Remediation: IBM provides fixes for AIX/VIOS; install the in...
CVE-2022-41290
CVE-2022-41290 affects IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non‑privileged local user could exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. The IBM bulletin lists affected filesets and APARs with available fixes: AIX 7.1.5.x (IJ42230, SP11) and 7.1.5.8–10 interi...
CVE-2021-29862
CVE-2021-29862 affects IBM AIX 7.1, 7.2 and VIOS 3.1. It is described as a local, non-privileged user vulnerability in the AIX kernel that can cause a denial of service. The IBM security bulletin lists multiple APARs and interim fixes to address this family of kernel vulnerabilities (CVE-2021-298...
CVE-2022-40233
CVE-2022-40233 concerns IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1. A non-privileged local user could exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. The IBM Security Bulletin lists vulnerable components and affected filesets across AIX 7.1–7.3 and VIOS 3.1, with ...
CVE-2009-3699
CVE-2009-3699 – AIX rpc.cmsd opcode 21 buffer overflow AIX libcsa.a (calendar daemon library) is vulnerable to a stack-based buffer overflow when handling opcode 21 parameters in rpc.cmsd. Affected products include IBM AIX 5.x up to 5.3.10 and 6.x up to 6.1.3, and VIOS 2.1 and earlier. The flaw a...
CVE-2022-43380
CVE-2022-43380 relates to IBM AIX 7.1/7.2/7.3 and VIOS 3.1 where a non-privileged local user can trigger a denial of service via exploitation of the AIX NFS kernel extension. The IBM Security Bulletin confirms the root cause is in the NFS kernel extension and lists affected filesets and AIX/VIOS ...
CVE-2013-3035
CVE-2013-3035 affects IBM AIX IPv6 handling in the inet subsystem on AIX 6.1 and 7.1 and VIOS 2.2.2.2-FP-26 SP-02. A crafted IPv6 packet to an IPv6-enabled interface can cause a remote denial of service (system hang). The issue is tied to the INET IPv6 implementation, with Nessus and vendor advis...
CVE-2026-0990
Vulnerability: CVE-2026-0990 affects libxml2. An uncontrolled recursion bug in xmlCatalogXMLResolveURI is triggered when a delegate URI entry references itself, allowing a remote attacker to craft an XML catalog that causes infinite recursion and stack exhaustion, resulting in DoS via application...
CVE-2021-29861
CVE-2021-29861 affects IBM AIX 7.1, 7.2 and VIOS 3.1. A vulnerability in EFS could allow a non‑privileged local user to disclose sensitive information. IBM’s advisory lists affected filesets and versions and provides remediation via APARs and iFixes: AIX 7.1.5.x (APAR IJ35780, IJ35780m7a/m8a/m9a,...
CVE-2021-38991
CVE-2021-38991 (IBM AIX/VIOS lscore vulnerability) A vulnerability in the IBM AIX lscore command (affecting AIX 7.0, 7.1, 7.2 and VIOS 3.1) can be triggered by a non-privileged local user due to an input validation error in lscore. Successful exploitation could lead to code execution with high im...