Every CVE whose affected-product data names Ibm Vios, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (92)
CVE-2009-3699 — CVSS 10.0 (critical): Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1…
CVE-2010-1039 — CVSS 10.0 (critical): Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier…
CVE-2025-36250 — CVSS 10.0 (critical): IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to…
CVE-2025-36251 — CVSS 9.6 (critical): IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary…
CVE-2025-36096 — CVSS 9.0 (critical): IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to…
CVE-2022-22351 — CVSS 8.6 (high): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause…
CVE-2013-3005 — CVSS 8.5 (high): The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass…
CVE-2023-45174 — CVSS 8.4 (high): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a privileged local user to exploit a vulnerability in the qdaemon command to escalate privileges…
CVE-2024-25021 — CVSS 8.4 (high): IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary…
CVE-2023-45166 — CVSS 8.4 (high): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piodmgrsu command to obtain…
CVE-2025-33112 — CVSS 8.4 (high): IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary…
CVE-2022-41290 — CVSS 8.4 (high): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to…
CVE-2023-26286 — CVSS 8.4 (high): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library…
CVE-2023-28528 — CVSS 8.4 (high): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute…
CVE-2023-45168 — CVSS 8.4 (high): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute…
CVE-2023-45170 — CVSS 8.4 (high): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the piobe command to escalate…
CVE-2024-27260 — CVSS 8.4 (high): IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to…
CVE-2025-36236 — CVSS 8.2 (high): IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to…
CVE-2024-27273 — CVSS 8.1 (high): IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using…
CVE-2024-47115 — CVSS 7.8 (high): IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization…
CVE-2022-36768 — CVSS 7.8 (high): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain…
CVE-2022-34356 — CVSS 7.8 (high): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root…
CVE-2011-1385 — CVSS 7.8 (high): IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo…
CVE-2016-6079 — CVSS 7.8 (high): IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level…
CVE-2016-8972 — CVSS 7.8 (high): IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client…
CVE-2020-4829 — CVSS 7.8 (high): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM…
CVE-2021-29741 — CVSS 7.8 (high): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force…
CVE-2021-29801 — CVSS 7.8 (high): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges…
CVE-2021-38990 — CVSS 7.8 (high): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to…
CVE-2021-38991 — CVSS 7.8 (high): IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could…
CVE-2025-36244 — CVSS 7.4 (high): IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files…
CVE-2025-62231 — CVSS 7.3 (high): A flaw was identified in the X.Org X server’s X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap() function…
CVE-2025-62230 — CVSS 7.3 (high): A flaw was discovered in the X.Org X server’s X Keyboard (Xkb) extension when handling client resource cleanup. The software frees…
CVE-2010-0960 — CVSS 7.2 (high): Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
CVE-2010-0961 — CVSS 7.2 (high): Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
CVE-2013-4011 — CVSS 7.2 (high): Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to…
CVE-2014-3074 — CVSS 7.2 (high): The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain…
CVE-2014-8904 — CVSS 7.2 (high): lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV…
CVE-2012-2200 — CVSS 7.2 (high): The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by…
CVE-2012-0745 — CVSS 7.2 (high): The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP…
CVE-2013-3035 — CVSS 7.1 (high): The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allows remote attackers to cause a…
CVE-2014-3977 — CVSS 6.9 (medium): libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file…
CVE-2015-4948 — CVSS 6.9 (medium): netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via…
CVE-2010-3405 — CVSS 6.8 (medium): Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to…
CVE-2012-4845 — CVSS 6.8 (medium): The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which…
CVE-2026-6732 — CVSS 6.5 (medium): A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated…
CVE-2022-43848 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension…
CVE-2021-29860 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive…
CVE-2021-29861 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information…
CVE-2022-39164 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial…
CVE-2022-39165 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service…
CVE-2022-40233 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension…
CVE-2022-43380 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to…
CVE-2022-43381 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a…
CVE-2022-43382 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause…
CVE-2022-43849 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to…
CVE-2022-47990 — CVSS 6.2 (medium): IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow…
CVE-2023-40371 — CVSS 6.2 (medium): IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to…
CVE-2023-45167 — CVSS 6.2 (medium): IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM…
CVE-2023-45169 — CVSS 6.2 (medium): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a…
CVE-2023-45171 — CVSS 6.2 (medium): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of…
CVE-2023-45172 — CVSS 6.2 (medium): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of…
CVE-2023-45173 — CVSS 6.2 (medium): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a…
CVE-2023-45175 — CVSS 6.2 (medium): IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a…
CVE-2026-0990 — CVSS 5.9 (medium): A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI…
CVE-2021-38989 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial…
CVE-2021-38988 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial…
CVE-2021-38993 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a…
CVE-2021-29862 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of…
CVE-2021-29727 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM…
CVE-2024-47102 — CVSS 5.5 (medium): IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension…
CVE-2022-22444 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM…
CVE-2020-4887 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files…
CVE-2024-52906 — CVSS 5.5 (medium): IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to…
CVE-2022-22350 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service…
CVE-2021-38996 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial…
CVE-2021-38995 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial…
CVE-2021-38994 — CVSS 5.5 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial…
CVE-2012-4817 — CVSS 5.0 (medium): The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values…
CVE-2012-0723 — CVSS 4.9 (medium): The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows…
CVE-2012-2192 — CVSS 4.9 (medium): The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system…
CVE-2014-0930 — CVSS 4.7 (medium): The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or…
CVE-2020-4788 — CVSS 4.7 (medium): IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache…
CVE-2021-29693 — CVSS 4.4 (medium): IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user that is in the with elevated group privileges to cause a denial of service due to a…
CVE-2021-38955 — CVSS 4.4 (medium): IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation…
CVE-2026-0989 — CVSS 3.7 (low): A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a…
CVE-2016-0281 — CVSS 3.7 (low): The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers…
CVE-2016-0266 — CVSS 3.7 (low): IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle…
CVE-2014-3566 — CVSS 3.4 (low): The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for…
CVE-2025-8732 — CVSS 3.3 (low): A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function…
CVE-2026-0992 — CVSS 2.9 (low): A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that…
CVE-2012-4833 — CVSS 2.1 (low): fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill…