Total
85 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-36096 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 9.0 CRITICAL |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques. | |||||
| CVE-2025-36236 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 8.2 HIGH |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system. | |||||
| CVE-2025-36250 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 10.0 CRITICAL |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346. | |||||
| CVE-2025-36251 | 1 Ibm | 2 Aix, Vios | 2025-11-19 | N/A | 9.6 CRITICAL |
| IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347. | |||||
| CVE-2023-28528 | 1 Ibm | 2 Aix, Vios | 2025-11-04 | N/A | 8.4 HIGH |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | |||||
| CVE-2025-36244 | 1 Ibm | 2 Aix, Vios | 2025-10-17 | N/A | 7.4 HIGH |
| IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables. | |||||
| CVE-2024-47102 | 1 Ibm | 2 Aix, Vios | 2025-09-29 | N/A | 5.5 MEDIUM |
| IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. | |||||
| CVE-2024-27273 | 1 Ibm | 2 Aix, Vios | 2025-08-18 | N/A | 8.1 HIGH |
| IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. | |||||
| CVE-2024-27260 | 1 Ibm | 2 Aix, Vios | 2025-07-29 | N/A | 8.4 HIGH |
| IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | |||||
| CVE-2024-52906 | 1 Ibm | 2 Aix, Vios | 2025-07-25 | N/A | 5.5 MEDIUM |
| IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. | |||||
| CVE-2025-33112 | 1 Ibm | 2 Aix, Vios | 2025-07-25 | N/A | 8.4 HIGH |
| IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input. | |||||
| CVE-2024-25021 | 1 Ibm | 2 Aix, Vios | 2025-05-06 | N/A | 8.4 HIGH |
| IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320. | |||||
| CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | |||||
| CVE-2016-8972 | 1 Ibm | 2 Aix, Vios | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||||
| CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 4.3 MEDIUM | 3.7 LOW |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-0930 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 4.7 MEDIUM | N/A |
| The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. | |||||
| CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 6.9 MEDIUM | N/A |
| libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | |||||
| CVE-2014-3074 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 7.2 HIGH | N/A |
| The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. | |||||
| CVE-2014-3566 | 11 Apple, Debian, Fedoraproject and 8 more | 20 Mac Os X, Debian Linux, Fedora and 17 more | 2025-04-12 | 4.3 MEDIUM | 3.4 LOW |
| The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | |||||
| CVE-2014-8904 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 7.2 HIGH | N/A |
| lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||||