CVEdetails.com the ultimate security vulnerability data source

IBM » AIX : Security Vulnerabilities

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2021-38991 77 Exec Code 2022-01-11 2022-01-20
4.6
None Local Low Not required Partial Partial Partial
IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution. IBM X-Force ID: 212953.
2 CVE-2021-38990 Exec Code 2022-01-10 2022-01-13
4.6
None Local Low Not required Partial Partial Partial
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution. IBM X-Force ID: 212952.
3 CVE-2021-29862 DoS 2021-08-26 2021-09-07
4.9
None Local Low Not required None None Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086.
4 CVE-2021-29861 2021-11-17 2021-11-19
2.1
None Local Low Not required Partial None None
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085.
5 CVE-2021-29860 2021-11-17 2021-11-18
2.1
None Local Low Not required Partial None None
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084.
6 CVE-2021-29801 +Priv 2021-08-26 2021-09-07
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977.
7 CVE-2021-29741 269 +Priv 2021-08-02 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.
8 CVE-2021-29727 DoS 2021-08-26 2021-09-13
4.9
None Local Low Not required None None Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106.
9 CVE-2021-29706 DoS 2021-06-17 2021-06-22
3.6
None Local Low Not required Partial None Partial
IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663.
10 CVE-2021-29693 269 DoS 2021-06-28 2021-08-31
2.1
None Local Low Not required None None Partial
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a vulnerability in the lpd daemon. IBM X-Force ID: 200255.
11 CVE-2020-4887 2021-01-20 2021-08-31
2.1
None Local Low Not required None Partial None
IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911.
12 CVE-2020-4829 +Priv 2020-12-10 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
13 CVE-2018-1655 200 +Info 2018-06-22 2019-10-09
2.1
None Local Low Not required Partial None None
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
14 CVE-2018-1383 2018-02-13 2019-10-03
9.0
None Remote Low ??? Complete Complete Complete
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system to obtain root access on another machine. IBM X-Force ID: 138117.
15 CVE-2017-1692 2018-02-07 2018-02-26
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
16 CVE-2017-1541 20 2017-10-04 2017-11-02
7.5
None Remote Low Not required Partial Partial Partial
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.
17 CVE-2017-1093 +Priv 2017-02-02 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
18 CVE-2016-8972 264 +Priv 2017-02-15 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
19 CVE-2016-8944 20 2017-02-15 2017-07-25
4.9
None Local Low Not required None None Complete
IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.
20 CVE-2016-6079 264 2017-02-15 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.
21 CVE-2016-6038 22 Dir. Trav. 2016-09-26 2017-07-30
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
22 CVE-2016-3053 264 2017-02-01 2017-09-03
7.2
None Local Low Not required Complete Complete Complete
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
23 CVE-2016-0281 20 DoS 2016-08-08 2021-08-31
4.3
None Remote Medium Not required None None Partial
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
24 CVE-2016-0266 254 +Info 2016-08-08 2021-08-31
4.3
None Remote Medium Not required Partial None None
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
25 CVE-2015-4948 264 +Priv 2015-10-16 2016-12-08
6.9
None Local Medium Not required Complete Complete Complete
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.
26 CVE-2014-8904 264 +Priv 2015-01-15 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
27 CVE-2014-3977 59 1 2014-06-08 2021-08-31
6.9
None Local Medium Not required Complete Complete Complete
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
28 CVE-2014-3566 310 2014-10-15 2021-11-17
4.3
None Remote Medium Not required Partial None None
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
29 CVE-2014-3074 264 +Priv 2014-07-02 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program.
30 CVE-2014-0930 DoS +Info 2014-05-08 2021-08-31
4.7
None Local Medium Not required None None Complete
The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation.
31 CVE-2014-0899 264 Bypass 2014-03-11 2017-08-29
6.5
None Remote Low ??? Partial Partial Partial
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
32 CVE-2013-5419 119 Overflow +Priv 2013-10-04 2017-09-19
6.9
None Local Medium Not required Complete Complete Complete
Multiple buffer overflows in (1) mkque and (2) mkquedev in bos.rte.printers in IBM AIX 6.1 and 7.1 allow local users to gain privileges by leveraging printq group membership.
33 CVE-2013-4011 +Priv 2013-07-18 2017-09-19
7.2
None Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
34 CVE-2013-3035 20 DoS 2013-06-21 2017-09-19
7.1
None Remote Medium Not required None None Complete
The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.
35 CVE-2013-3005 264 Bypass 2013-07-06 2017-09-19
8.5
None Remote Medium ??? Complete Complete Complete
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
36 CVE-2012-4845 264 Bypass 2012-10-20 2021-08-31
6.8
None Remote Low ??? Complete None None
The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
37 CVE-2012-4833 264 2012-10-01 2021-08-31
2.1
None Local Low Not required None None Partial
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line.
38 CVE-2012-4817 DoS 2012-09-14 2021-08-31
5.0
None Remote Low Not required None None Partial
The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors.
39 CVE-2012-2200 264 +Priv 2012-06-27 2021-08-31
7.2
None Local Low Not required Complete Complete Complete
The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory.
40 CVE-2012-2192 399 DoS 2012-06-20 2021-08-31
4.9
None Local Low Not required None None Complete
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
41 CVE-2012-2179 264 2012-06-22 2017-08-29
6.9
None Local Medium Not required Complete Complete Complete
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
42 CVE-2012-0745 264 +Priv 2012-05-04 2017-12-07
7.2
None Local Low Not required Complete Complete Complete
The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors.
43 CVE-2012-0723 20 DoS 2012-07-30 2021-08-31
4.9
None Local Low Not required None None Complete
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
44 CVE-2012-0194 DoS 2012-02-06 2017-08-29
7.1
None Remote Medium Not required None None Complete
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.
45 CVE-2011-3982 399 DoS 2011-10-05 2017-08-29
2.1
None Local Low Not required None None Partial
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
46 CVE-2011-1561 287 Bypass 2011-04-05 2011-04-05
6.8
None Remote Medium Not required Partial Partial Partial
The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password.
47 CVE-2011-1385 399 DoS 2012-03-02 2018-01-10
7.8
None Remote Low Not required None None Complete
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194.
48 CVE-2011-1375 264 DoS 2011-11-11 2017-08-17
4.9
None Local Low Not required None None Complete
IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.
49 CVE-2011-0637 DoS 2011-01-25 2017-08-17
4.9
None Local Low Not required None None Complete
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
50 CVE-2010-3406 2010-09-16 2017-09-19
1.7
None Local Low ??? None Partial None
Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors.
Total number of vulnerabilities: 346 (page 1 of 7)