VYPR

Aix

by IBM

CVEs (402)

  • CVE-2003-0028Mar 25, 2003
    risk 0.01cvss epss 0.15

    Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in…

  • CVE-2002-0677Jul 23, 2002
    risk 0.01cvss epss 0.07

    CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain privileges, via a file descriptor argument in an AUTH_UNIX procedure call, which is used as a table index by the _TT_ISCLOSE procedure.

  • CVE-2002-0678Jul 23, 2002
    risk 0.01cvss epss 0.09

    CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

  • CVE-2002-1621Apr 22, 2002
    risk 0.01cvss epss 0.07

    Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code.

  • CVE-1999-0057Nov 16, 1998
    risk 0.01cvss epss 0.08

    Vacation program allows command execution by remote users through a sendmail command.

  • CVE-1999-0627Mar 1, 1992
    risk 0.01cvss epss 0.07

    The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.

  • CVE-2025-36236Nov 13, 2025
    risk 0.00cvss epss 0.00

    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary files on the system.

  • CVE-2025-36250Nov 13, 2025
    risk 0.00cvss epss 0.01

    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a vulnerability that was…

  • CVE-2025-36096Nov 13, 2025
    risk 0.00cvss epss 0.00

    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.

  • CVE-2025-36251Nov 13, 2025
    risk 0.00cvss epss 0.01

    IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in…

  • CVE-2025-36244Sep 16, 2025
    risk 0.00cvss epss 0.00

    IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

  • CVE-2025-33112Jun 10, 2025
    risk 0.00cvss epss 0.00

    IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.

  • CVE-2024-56347Mar 18, 2025
    risk 0.00cvss epss 0.01

    IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls.

  • CVE-2024-56346Mar 18, 2025
    risk 0.00cvss epss 0.01

    IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls.

  • CVE-2024-52906Dec 25, 2024
    risk 0.00cvss epss 0.00

    IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service.

  • CVE-2024-47102Dec 25, 2024
    risk 0.00cvss epss 0.00

    IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service.

  • CVE-2024-47115Dec 7, 2024
    risk 0.00cvss epss 0.00

    IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input.

  • CVE-2024-27260May 16, 2024
    risk 0.00cvss epss 0.00

    IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985.

  • CVE-2024-27273May 7, 2024
    risk 0.00cvss epss 0.00

    IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903.

  • CVE-2024-25021Feb 22, 2024
    risk 0.00cvss epss 0.00

    IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.

Page 8 of 21