IBM Aix
By the Year
In 2025 there have been 0 vulnerabilities in IBM Aix. Last year, in 2024, Aix had 7 security vulnerabilities published. Right now, Aix is on track to have fewer security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 7 | 5.83 |
2023 | 11 | 6.96 |
2022 | 23 | 6.28 |
2021 | 9 | 6.22 |
2020 | 1 | 7.80 |
2019 | 0 | 0.00 |
2018 | 2 | 7.30 |
It may take a day or so for new Aix vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent IBM Aix Security Vulnerabilities
IBM AIX TCP/IP Kernel Extension Denial of Service Vulnerability
CVE-2024-52906
5.5 - Medium
- December 25, 2024
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.
Race Condition
IBM AIX perfstat Kernel Extension Denial of Service Vulnerability
CVE-2024-47102
5.5 - Medium
- December 25, 2024
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.
Improper Input Validation
IBM AIX and VIOS Local Command Execution Vulnerability
CVE-2024-47115
7.8 - High
- December 07, 2024
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.
Shell injection
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45171
5.5 - Medium
- January 11, 2024
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45169
5.5 - Medium
- January 11, 2024
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45175
5.5 - Medium
- January 11, 2024
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45173
5.5 - Medium
- January 11, 2024
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.
IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service
CVE-2023-45165
5.5 - Medium
- December 22, 2023
IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 267963.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45172
5.5 - Medium
- December 19, 2023
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45174
7.8 - High
- December 13, 2023
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45170
7.8 - High
- December 13, 2023
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45166
7.8 - High
- December 13, 2023
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.
IBM AIX 7.2, 7.3, and VIOS 3.1 could
CVE-2023-45168
7.8 - High
- December 01, 2023
IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966.
IBM AIX 7.3's Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service
CVE-2023-45167
5.5 - Medium
- November 10, 2023
IBM AIX 7.3's Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.
IBM AIX 7.2, 7.3, and VIOS 3.1's OpenSSH implementation could
CVE-2023-40371
5.5 - Medium
- August 24, 2023
IBM AIX 7.2, 7.3, and VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.
Use of a Broken or Risky Cryptographic Algorithm
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2023-28528
7.8 - High
- April 28, 2023
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
Shell injection
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2023-26286
7.8 - High
- April 26, 2023
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.
IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow
CVE-2022-47990
7.8 - High
- January 18, 2023
IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.
Classic Buffer Overflow
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-43849
6.2 - Medium
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-43848
6.2 - Medium
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-41290
8.4 - High
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.
Improper Privilege Management
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-39164
6.2 - Medium
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-43381
6.2 - Medium
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-43380
6.2 - Medium
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-40233
6.2 - Medium
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service
CVE-2022-39165
6.2 - Medium
- December 23, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-43382
4.4 - Medium
- December 20, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-36768
7.8 - High
- September 13, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-34356
7.8 - High
- September 13, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service
CVE-2022-22444
5.5 - Medium
- June 15, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2022-22351
8.6 - High
- March 07, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2021-38989
5.5 - Medium
- March 07, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2021-38988
5.5 - Medium
- March 07, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service
CVE-2022-22350
5.5 - Medium
- March 02, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2021-38996
5.5 - Medium
- March 02, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2021-38955
4.4 - Medium
- March 01, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2021-38993
5.5 - Medium
- February 25, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2021-38995
5.5 - Medium
- February 24, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could
CVE-2021-38994
5.5 - Medium
- February 24, 2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could
CVE-2021-38991
7.8 - High
- January 11, 2022
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.
IBM AIX 7.1, 7.2, and VIOS 3.1 could
CVE-2021-38990
7.8 - High
- January 10, 2022
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.
IBM AIX 7.1, 7.2, and VIOS 3.1 could
CVE-2021-29860
6.2 - Medium
- November 17, 2021
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information
CVE-2021-29861
6.2 - Medium
- November 17, 2021
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service
CVE-2021-29727
5.5 - Medium
- August 26, 2021
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.
IBM AIX 7.1, 7.2, and VIOS 3.1 could
CVE-2021-29862
5.5 - Medium
- August 26, 2021
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges
CVE-2021-29801
7.8 - High
- August 26, 2021
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges
CVE-2021-29741
7.8 - High
- August 02, 2021
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user
CVE-2021-29693
4.4 - Medium
- June 28, 2021
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service
CVE-2021-29706
7.1 - High
- June 17, 2021
IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663.
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could
CVE-2020-4887
5.5 - Medium
- January 20, 2021
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges
CVE-2020-4829
7.8 - High
- December 10, 2020
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory
CVE-2018-1655
5.5 - Medium
- June 22, 2018
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
Information Disclosure
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could
CVE-2018-1383
9.1 - Critical
- February 13, 2018
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system to obtain root access on another machine. IBM X-Force ID: 138117.
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client
CVE-2016-8972
7.8 - High
- February 15, 2017
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
Permissions, Privileges, and Access Controls
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability
CVE-2016-6079
7.8 - High
- February 15, 2017
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.
Permissions, Privileges, and Access Controls
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled
CVE-2016-0281
3.7 - Low
- August 08, 2016
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
Improper Input Validation
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information
CVE-2016-0266
3.7 - Low
- August 08, 2016
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
7PK - Security Features
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x
CVE-2014-8904
- January 15, 2015
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
Permissions, Privileges, and Access Controls
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data
CVE-2014-3566
3.4 - Low
- October 15, 2014
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
Cryptographic Issues
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x
CVE-2014-3074
- July 02, 2014
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
Permissions, Privileges, and Access Controls
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file
CVE-2014-3977
- June 08, 2014
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
insecure temporary file
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x
CVE-2014-0930
- May 08, 2014
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which
CVE-2012-4845
- October 20, 2012
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
Permissions, Privileges, and Access Controls
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which
CVE-2012-4833
- October 01, 2012
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
Permissions, Privileges, and Access Controls
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which
CVE-2012-4817
- September 14, 2012
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which
CVE-2012-0723
- July 30, 2012
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
Improper Input Validation
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02
CVE-2012-2200
- June 27, 2012
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
Permissions, Privileges, and Access Controls
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application
CVE-2012-2192
- June 20, 2012
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
Resource Management Errors
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which
CVE-2004-0243
- November 23, 2004
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
Side Channel Attack
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems
CVE-2001-0554
- August 14, 2001
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
Classic Buffer Overflow
genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.
CVE-1999-0903
- October 26, 1999
genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.
AIX routed allows remote users to modify sensitive files.
CVE-1999-0086
- January 08, 1998
AIX routed allows remote users to modify sensitive files.
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack
CVE-1999-0513
- January 05, 1998
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client
CVE-1999-0017
- December 10, 1997
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
Various vulnerabilities in the AIX portmir command
CVE-1999-0092
- October 29, 1997
Various vulnerabilities in the AIX portmir command allow local users to obtain root access.
AIX nslookup command
CVE-1999-0093
- October 29, 1997
AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.
AIX piodmgrsu command
CVE-1999-0094
- October 29, 1997
AIX piodmgrsu command allows local users to gain additional group privileges.
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g
CVE-1999-0097
- October 29, 1997
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
Buffer overflow in AIX libDtSvc library can
CVE-1999-0089
- October 28, 1997
Buffer overflow in AIX libDtSvc library can allow local users to gain root access.
Buffer overflow in AIX writesrv command
CVE-1999-0091
- October 28, 1997
Buffer overflow in AIX writesrv command allows local users to obtain root access.
Buffer overflow in AIX xdat gives root access to local users.
CVE-1999-0072
- October 22, 1997
Buffer overflow in AIX xdat gives root access to local users.
Buffer overflow in AIX rcp command
CVE-1999-0090
- October 01, 1997
Buffer overflow in AIX rcp command allows local users to obtain root access.
DNS cache poisoning
CVE-1999-0024
- August 13, 1997
DNS cache poisoning via BIND, by predictable query IDs.
ICMP information such as (1) netmask and (2) timestamp is
CVE-1999-0524
- August 01, 1997
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Information Disclosure
An attacker can write to syslog files
CVE-1999-0566
- August 01, 1997
An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.
Buffer overflow in AIX lchangelv gives root access.
CVE-1999-0122
- July 21, 1997
Buffer overflow in AIX lchangelv gives root access.
The rwho/rwhod service is running
CVE-1999-0628
- July 01, 1997
The rwho/rwhod service is running, which exposes machine status and user information.
Command execution in Sun systems
CVE-1999-0033
- June 12, 1997
Command execution in Sun systems via buffer overflow in the at program.
Buffer overflow in AIX lquerylv program gives root access to local users.
CVE-1999-0064
- May 26, 1997
Buffer overflow in AIX lquerylv program gives root access to local users.
Buffer overflow in Xt library of X Windowing System
CVE-1999-0040
- May 01, 1997
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
Buffer overflow in xlock program
CVE-1999-0038
- April 26, 1997
Buffer overflow in xlock program allows local users to execute commands as root.
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
CVE-1999-0042
- April 07, 1997
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
Buffer overflow in xmcd 2.0p12
CVE-1999-0318
- March 01, 1997
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
Buffer overflow in NLS (Natural Language Service).
CVE-1999-0041
- February 13, 1997
Buffer overflow in NLS (Natural Language Service).
Buffer overflow of rlogin program using TERM environmental variable.
CVE-1999-0046
- February 06, 1997
Buffer overflow of rlogin program using TERM environmental variable.
Classic Buffer Overflow
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
CVE-1999-0345
- January 01, 1997
Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems.
Oversized ICMP ping packets
CVE-1999-0128
- December 18, 1996
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
Sendmail allows local users to write to a file and gain group permissions
CVE-1999-0129
- December 03, 1996
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
Local user gains root privileges
CVE-1999-0023
- July 24, 1996
Local user gains root privileges via buffer overflow in rdist, via lookup() function.