IBM Vios

By the Year

In 2024 there have been 4 vulnerabilities in IBM Vios with an average score of 5.5 out of ten. Last year Vios had 10 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Vios in 2024 could surpass last year's number. Last year, the average CVE base score was greater by 1.61.

Year Vulnerabilities Average Score
2024 4 5.50
2023 10 7.11
2022 23 6.28
2021 8 6.11
2020 1 7.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Vios vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent IBM Vios Security Vulnerabilities

CVE-2023-45169 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967.

CVE-2023-45171 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969.

CVE-2023-45173 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971.

CVE-2023-45175 5.5 - Medium - January 11, 2024

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973.

CVE-2023-45172 5.5 - Medium - December 19, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. IBM X-Force ID: 267970.

CVE-2023-45174 7.8 - High - December 13, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges or cause a denial of service. IBM X-Force ID: 267972.

CVE-2023-45170 7.8 - High - December 13, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate privileges or cause a denial of service. IBM X-Force ID: 267968.

CVE-2023-45166 7.8 - High - December 13, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain elevated privileges. IBM X-Force ID: 267964.

CVE-2023-45168 7.8 - High - December 01, 2023

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 267966.

CVE-2023-45167 5.5 - Medium - November 10, 2023

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.

CVE-2023-40371 5.5 - Medium - August 24, 2023

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.

CVE-2023-28528 7.8 - High - April 28, 2023

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.

Shell injection

CVE-2023-26286 7.8 - High - April 26, 2023

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421.

CVE-2022-47990 7.8 - High - January 18, 2023

IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. IBM X-Force ID: 243556.

Classic Buffer Overflow

CVE-2022-39164 6.2 - Medium - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.

CVE-2022-43849 6.2 - Medium - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.

CVE-2022-43848 6.2 - Medium - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.

CVE-2022-41290 8.4 - High - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.

Improper Privilege Management

CVE-2022-39165 6.2 - Medium - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183.

CVE-2022-40233 6.2 - Medium - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.

CVE-2022-43380 6.2 - Medium - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640.

CVE-2022-43381 6.2 - Medium - December 23, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639.

CVE-2022-43382 4.4 - Medium - December 20, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.

CVE-2022-34356 7.8 - High - September 13, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502.

CVE-2022-36768 7.8 - High - September 13, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. IBM X-Force ID: 232014.

CVE-2022-22444 5.5 - Medium - June 15, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.

CVE-2021-38988 5.5 - Medium - March 07, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.

CVE-2021-38989 5.5 - Medium - March 07, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.

CVE-2022-22351 8.6 - High - March 07, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396.

CVE-2022-22350 5.5 - Medium - March 02, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.

CVE-2021-38996 5.5 - Medium - March 02, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.

CVE-2021-38955 4.4 - Medium - March 01, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.

CVE-2021-38993 5.5 - Medium - February 25, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.

CVE-2021-38994 5.5 - Medium - February 24, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213072.

CVE-2021-38995 5.5 - Medium - February 24, 2022

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213073.

CVE-2021-38991 7.8 - High - January 11, 2022

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.

CVE-2021-38990 7.8 - High - January 10, 2022

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.

CVE-2021-29861 6.2 - Medium - November 17, 2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.

CVE-2021-29860 6.2 - Medium - November 17, 2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.

CVE-2021-29727 5.5 - Medium - August 26, 2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.

CVE-2021-29801 7.8 - High - August 26, 2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.

CVE-2021-29862 5.5 - Medium - August 26, 2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.

CVE-2021-29741 7.8 - High - August 02, 2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.

CVE-2021-29693 4.4 - Medium - June 28, 2021

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.

CVE-2020-4887 5.5 - Medium - January 20, 2021

IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.

CVE-2020-4829 7.8 - High - December 10, 2020

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.

CVE-2016-6079 7.8 - High - February 15, 2017

IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.

Permissions, Privileges, and Access Controls

CVE-2016-8972 7.8 - High - February 15, 2017

IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.

Permissions, Privileges, and Access Controls

CVE-2016-0266 3.7 - Low - August 08, 2016

IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.

7PK - Security Features

CVE-2016-0281 3.7 - Low - August 08, 2016

The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.

Improper Input Validation

CVE-2014-8904 - January 15, 2015

lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

Permissions, Privileges, and Access Controls

CVE-2014-3566 3.4 - Low - October 15, 2014

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

Cryptographic Issues

CVE-2014-3074 - July 02, 2014

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.

Permissions, Privileges, and Access Controls

CVE-2014-3977 - June 08, 2014

libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.

insecure temporary file

CVE-2014-0930 - May 08, 2014

The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.

CVE-2012-4845 - October 20, 2012

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.

Permissions, Privileges, and Access Controls

CVE-2012-4833 - October 01, 2012

fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.

Permissions, Privileges, and Access Controls

CVE-2012-4817 - September 14, 2012

The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.

CVE-2012-0723 - July 30, 2012

The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.

Improper Input Validation

CVE-2012-2200 - June 27, 2012

The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.

Permissions, Privileges, and Access Controls

CVE-2012-2192 - June 20, 2012

The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.

Resource Management Errors
