Aix
by IBM
CVEs (402)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-1383 | Cri | 0.59 | 9.1 | 0.03 | Feb 13, 2018 | A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117. | ||
| CVE-1999-0038 | Hig | 0.58 | 8.4 | 0.01 | Apr 26, 1997 | Buffer overflow in xlock program allows local users to execute commands as root. | ||
| CVE-2016-8972 | Hig | 0.54 | 7.8 | 0.01 | Feb 15, 2017 | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | ||
| CVE-2016-6079 | Hig | 0.54 | 7.8 | 0.02 | Feb 15, 2017 | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | ||
| CVE-2016-3053 | Hig | 0.54 | 7.8 | 0.02 | Feb 1, 2017 | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | ||
| CVE-2017-1692 | Hig | 0.51 | 7.8 | 0.00 | Feb 7, 2018 | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067. | ||
| CVE-2017-1093 | Hig | 0.51 | 7.8 | 0.00 | Feb 2, 2017 | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges. | ||
| CVE-1999-0022 | Hig | 0.51 | 7.8 | 0.01 | Jul 3, 1996 | Local user gains root privileges via buffer overflow in rdist, via expstr() function. | ||
| CVE-2017-1541 | Hig | 0.48 | 7.3 | 0.02 | Oct 4, 2017 | A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809. | ||
| CVE-2016-6038 | Med | 0.42 | 6.5 | 0.02 | Sep 26, 2016 | Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL. | ||
| CVE-2016-8944 | Med | 0.36 | 5.5 | 0.00 | Feb 15, 2017 | IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234. | ||
| CVE-1999-0011 | Med | 0.36 | 5.4 | 0.05 | Apr 8, 1998 | Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | ||
| CVE-2014-3566 | Low | 0.33 | 3.4 | 1.00 | Oct 15, 2014 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. | ||
| CVE-1999-0524 | Med | 0.29 | 4.0 | 0.32 | Aug 1, 1997 | ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||
| CVE-2018-1655 | Med | 0.26 | 4.0 | 0.00 | Jun 22, 2018 | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748. | ||
| CVE-2016-0281 | Low | 0.25 | 3.7 | 0.08 | Aug 8, 2016 | The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | ||
| CVE-2016-0266 | Low | 0.24 | 3.7 | 0.01 | Aug 8, 2016 | IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | ||
| CVE-2001-0797 | 0.10 | — | 0.89 | Dec 12, 2001 | Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin. | |||
| CVE-1999-0513 | 0.09 | — | 0.70 | Jan 5, 1998 | ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. | |||
| CVE-1999-0128 | 0.09 | — | 0.74 | Dec 18, 1996 | Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. |
- risk 0.59cvss 9.1epss 0.03
A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and 7.2 daemon which could allow a user with root privileges on one system, to obtain root access on another machine. IBM X-force ID: 138117.
- risk 0.58cvss 8.4epss 0.01
Buffer overflow in xlock program allows local users to execute commands as root.
- risk 0.54cvss 7.8epss 0.01
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
- risk 0.54cvss 7.8epss 0.02
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053.
- risk 0.54cvss 7.8epss 0.02
IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
- risk 0.51cvss 7.8epss 0.00
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM X-Force ID: 134067.
- risk 0.51cvss 7.8epss 0.00
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a vulnerability in the bellmail binary to gain root privileges.
- risk 0.51cvss 7.8epss 0.01
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
- risk 0.48cvss 7.3epss 0.02
A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep packages prevented the java.security, java.policy and javaws.policy files from being updated correctly. IBM X-Force ID: 130809.
- risk 0.42cvss 6.5epss 0.02
Directory traversal vulnerability in Eclipse Help in IBM Tivoli Lightweight Infrastructure (aka LWI), as used in AIX 5.3, 6.1, and 7.1, allows remote authenticated users to read arbitrary files via a crafted URL.
- risk 0.36cvss 5.5epss 0.00
IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.
- risk 0.36cvss 5.4epss 0.05
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
- risk 0.33cvss 3.4epss 1.00
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
- risk 0.29cvss 4.0epss 0.32
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
- risk 0.26cvss 4.0epss 0.00
IBM AIX 5.3, 6.1, 7.1, and 7.2 contains a vulnerability in the rmsock command that may be used to expose kernel memory. IBM X-Force ID: 144748.
- risk 0.25cvss 3.7epss 0.08
The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets.
- risk 0.24cvss 3.7epss 0.01
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
- CVE-2001-0797Dec 12, 2001risk 0.10cvss —epss 0.89
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
- CVE-1999-0513Jan 5, 1998risk 0.09cvss —epss 0.70
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
- CVE-1999-0128Dec 18, 1996risk 0.09cvss —epss 0.74
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
Page 1 of 21