IBM AIX vulnerabilities

370 known vulnerabilities affecting ibm/aix.

Total CVEs: 370
CISA KEV: 0
Public exploits: 68
Exploited in wild: 0
Severity breakdown: CRITICAL 47, HIGH 177, MEDIUM 119, LOW 26

Vulnerabilities

Page 4 of 19
CVE-2020-4887 | MEDIUM | CVSS 5.5 | v7.1, v7.2 | 2021-01-20
CVE-2020-4887 [MEDIUM]: IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
cvelistv5, nvd
CVE-2020-4829 | HIGH | CVSS 7.8 | v7.1, v7.2 | 2020-12-10
CVE-2020-4829 [HIGH]: IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
cvelistv5, nvd
CVE-2020-4788 | MEDIUM | CVSS 4.7 | v7.1.0, v7.1.5, +6 more | 2020-11-20
CVE-2020-4788 [MEDIUM]: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.
cvelistv5, nvd
CVE-2018-1655 | MEDIUM | CVSS 5.5 | v5.3, v6.1, +2 more | 2018-06-22
CVE-2018-1655 [MEDIUM] CWE-200: IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
cvelistv5, nvd
CVE-2018-1383 | CRITICAL | CVSS 9.1 | v6.1, v6.1.1, +17 more | 2018-02-13
CVE-2018-1383 [CRITICAL]: A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system to obtain root access on another machine. IBM X-Force ID: 138117.
cvelistv5, nvd
CVE-2017-1692 | HIGH | CVSS 7.8 | v5.3, v6.1, +2 more | 2018-02-07
CVE-2017-1692 [HIGH]: IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
cvelistv5, nvd
CVE-2017-1541 | HIGH | CVSS 7.3 | v5.3, v6.1, +2 more | 2017-10-04
CVE-2017-1541 [HIGH] CWE-20: A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.
cvelistv5, nvd
CVE-2016-6079 | HIGH | CVSS 7.8 | PoC | v5.3, v6.1, +2 more | 2017-02-15
CVE-2016-6079 [HIGH] CWE-264: IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.
nvd
CVE-2016-8972 | HIGH | CVSS 7.8 | PoC | v6.1, v7.1, +1 more | 2017-02-15
CVE-2016-8972 [HIGH] CWE-264: IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
nvd
CVE-2016-8944 | MEDIUM | CVSS 5.5 | v7.1, v7.2 | 2017-02-15
CVE-2016-8944 [MEDIUM] CWE-20: IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.
nvd
CVE-2017-1093 | HIGH | CVSS 7.8 | v6.1, v7.1, +1 more | 2017-02-02
CVE-2017-1093 [HIGH]: IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
nvd
CVE-2016-6038 | MEDIUM | CVSS 6.5 | v5.3, v6.1, +1 more | 2016-09-26
CVE-2016-6038 [MEDIUM] CWE-22: Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
nvd
CVE-2016-0266 | LOW | CVSS 3.7 | v5.3, v6.1, +2 more | 2016-08-08
CVE-2016-0266 [LOW] CWE-254: IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
nvd
CVE-2016-0281 | LOW | CVSS 3.7 | v5.3, v6.1, +2 more | 2016-08-08
CVE-2016-0281 [LOW] CWE-20: The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
nvd
CVE-2015-4948 | MEDIUM | CVSS 6.9 | v5.3, v6.1, +1 more | 2015-10-16
CVE-2015-4948 [MEDIUM] CWE-264: netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.
nvd
CVE-2014-8904 | HIGH | CVSS 7.2 | PoC | v5.3, v6.1, +1 more | 2015-01-15
CVE-2014-8904 [HIGH] CWE-264: lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
nvd
CVE-2014-3566 | LOW | CVSS 3.4 | v5.3, v6.1, +1 more | 2014-10-15
CVE-2014-3566 [LOW] CWE-310: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
nvd
CVE-2014-3074 | HIGH | CVSS 7.2 | v6.1, v7.1 | 2014-07-02
CVE-2014-3074 [HIGH] CWE-264: The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
nvd
CVE-2014-3977 | MEDIUM | CVSS 6.9 | PoC | v6.1, v7.1 | 2014-06-08
CVE-2014-3977 [MEDIUM]: libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
nvd
CVE-2014-0930 | MEDIUM | CVSS 4.7 | v5.3, v6.1, +1 more | 2014-05-08
CVE-2014-0930 [MEDIUM]: The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
nvd