CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM » AIX » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-22351 400 DoS 2022-03-07 2022-03-18
7.8
None Remote Low Not required None None Complete
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396
2 CVE-2021-38989 400 DoS 2022-03-07 2022-03-18
4.9
None Local Low Not required None None Complete
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.
3 CVE-2021-38988 400 DoS 2022-03-07 2022-03-18
4.9
None Local Low Not required None None Complete
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.
4 CVE-2016-3053 264 2017-02-01 2017-09-03
7.2
None Local Low Not required Complete Complete Complete
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
5 CVE-2010-3187 119 2 Exec Code Overflow 2010-08-30 2018-11-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
6 CVE-2010-1039 134 Exec Code 2010-05-20 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
7 CVE-2004-0243 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
8 CVE-2003-0285 2003-06-16 2017-07-11
5.0
None Remote Low Not required None Partial None
IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail.
9 CVE-2002-1687 Overflow 2002-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.
10 CVE-2002-1686 Overflow 2002-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
11 CVE-2002-1551 DoS Exec Code Overflow 2003-03-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.
12 CVE-2002-1550 2003-03-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.
13 CVE-2002-1041 2002-10-04 2011-03-08
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.
14 CVE-2002-1040 2002-10-04 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.
15 CVE-2002-0790 +Priv 2002-08-12 2008-09-10
2.1
None Local Low Not required Partial None None
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
16 CVE-2001-1529 Overflow 2001-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.
17 CVE-2001-1061 2001-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.
18 CVE-2000-1222 +Priv 2000-12-10 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
19 CVE-1999-1552 +Priv 1994-07-20 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.
20 CVE-1999-1121 +Priv 1992-03-19 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.
21 CVE-1999-0566 DoS 1997-08-01 2008-09-09
5.0
None Remote Low Not required None None Partial
An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.
22 CVE-1999-0524 200 +Info 1997-08-01 2021-09-22
0.0
None Local Low Not required None None None
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
23 CVE-1999-0057 Exec Code 1998-11-16 2008-09-09
7.5
None Remote Low Not required Partial Partial Partial
Vacation program allows command execution by remote users through a sendmail command.
24 CVE-1999-0033 Exec Code Overflow 1997-06-12 2008-09-09
7.2
None Local Low Not required Complete Complete Complete
Command execution in Sun systems via buffer overflow in the at program.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.