Ibm

Vios

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-36251

Medienbericht
  • EPSS 0.08%
  • Veröffentlicht 13.11.2025 22:15:51
  • Zuletzt bearbeitet 19.11.2025 22:08:07

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was p...

8.1

CVE-2025-36096

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 13.11.2025 22:15:50
  • Zuletzt bearbeitet 19.11.2025 22:11:50

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized access by an attacker using man in the middle techniques.

9.1

CVE-2025-36236

Medienbericht
  • EPSS 0.06%
  • Veröffentlicht 13.11.2025 22:15:50
  • Zuletzt bearbeitet 19.11.2025 22:11:10

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request to write arbitrary ...

9.8

CVE-2025-36250

Medienbericht
  • EPSS 0.1%
  • Veröffentlicht 13.11.2025 22:15:50
  • Zuletzt bearbeitet 19.11.2025 22:08:58

IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls.  This addresses additional attack vectors for a v...

5.5

CVE-2025-36244

  • EPSS 0.02%
  • Veröffentlicht 16.09.2025 14:38:08
  • Zuletzt bearbeitet 17.10.2025 14:34:38

IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.

8.4

CVE-2025-33112

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 10.06.2025 16:28:44
  • Zuletzt bearbeitet 25.07.2025 19:09:10

IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input.

6.9

CVE-2015-4948

  • EPSS 0.05%
  • Veröffentlicht 16.10.2015 01:59:02
  • Zuletzt bearbeitet 12.04.2025 10:46:40

netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

7.2

CVE-2013-4011

  • EPSS 8.47%
  • Veröffentlicht 18.07.2013 16:51:55
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.

8.5

CVE-2013-3005

  • EPSS 1.24%
  • Veröffentlicht 06.07.2013 13:57:36
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.

7.1

CVE-2013-3035

  • EPSS 6.66%
  • Veröffentlicht 21.06.2013 14:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a denial of service (system hang) via a crafted packet to an IPv6 interface.