Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6705 | 1 Ibm | 1 Websphere Mq | 2008-11-15 | 3.3 LOW | N/A |
| The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary handle and possibly hijack an arbitrary process. | |||||
| CVE-2007-6363 | 1 Ibm | 1 Tivoli Netcool Security Manager | 2008-11-15 | 2.1 LOW | N/A |
| IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password. | |||||
| CVE-2007-4598 | 1 Ibm | 1 Surepos 500 | 2008-11-15 | 4.6 MEDIUM | N/A |
| IBM SurePOS 500 has (1) a default password of "12345" for the manager and (2) blank default passwords for operator accounts. | |||||
| CVE-2007-3397 | 1 Ibm | 1 Websphere Application Server | 2008-11-15 | 5.0 MEDIUM | N/A |
| The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. | |||||
| CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2008-11-15 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. | |||||
| CVE-2008-4404 | 1 Ibm | 1 Zseries | 2008-10-03 | 10.0 HIGH | N/A |
| The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476. | |||||
| CVE-2005-2994 | 1 Ibm | 1 Rational Clearquest | 2008-09-10 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS). | |||||
| CVE-2003-0784 | 1 Ibm | 1 Aix | 2008-09-10 | 10.0 HIGH | N/A |
| Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers. | |||||
| CVE-2003-0836 | 1 Ibm | 1 Db2 Universal Database | 2008-09-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command. | |||||
| CVE-2003-0697 | 1 Ibm | 1 Aix | 2008-09-10 | 7.2 HIGH | N/A |
| Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges. | |||||
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. | |||||
| CVE-2002-1168 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response. | |||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2008-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request. | |||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2008-09-10 | 2.1 LOW | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | |||||
| CVE-2001-0824 | 1 Ibm | 1 Websphere Application Server | 2008-09-10 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. | |||||
| CVE-2001-0487 | 1 Ibm | 1 Aix Snmp | 2008-09-10 | 5.0 MEDIUM | N/A |
| AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. | |||||
| CVE-2000-1117 | 1 Ibm | 1 Lotus Notes | 2008-09-10 | 5.0 MEDIUM | N/A |
| The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. | |||||
| CVE-2000-0441 | 1 Ibm | 1 Aix | 2008-09-10 | 5.0 MEDIUM | N/A |
| Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. | |||||
| CVE-2000-0497 | 1 Ibm | 1 Websphere Application Server | 2008-09-10 | 5.0 MEDIUM | N/A |
| IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. | |||||
| CVE-2000-0249 | 1 Ibm | 1 Aix | 2008-09-10 | 7.2 HIGH | N/A |
| The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. | |||||
| CVE-1999-1552 | 1 Ibm | 1 Aix | 2008-09-10 | 7.2 HIGH | N/A |
| dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges. | |||||
| CVE-2000-0027 | 1 Ibm | 1 Network Station Manager | 2008-09-10 | 6.2 MEDIUM | N/A |
| IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. | |||||
| CVE-1999-1403 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2008-09-10 | 7.2 HIGH | N/A |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. | |||||
| CVE-1999-1404 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2008-09-10 | 5.0 MEDIUM | N/A |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly. | |||||
| CVE-1999-0903 | 1 Ibm | 1 Aix | 2008-09-09 | 7.5 HIGH | N/A |
| genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. | |||||
| CVE-1999-0852 | 1 Ibm | 1 Websphere Application Server | 2008-09-09 | 7.2 HIGH | N/A |
| IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. | |||||
| CVE-1999-0628 | 4 Freebsd, Ibm, Linux and 1 more | 4 Freebsd, Aix, Linux Kernel and 1 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| The rwho/rwhod service is running, which exposes machine status and user information. | |||||
| CVE-1999-0627 | 1 Ibm | 1 Aix | 2008-09-09 | 0.0 LOW | N/A |
| The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. | |||||
| CVE-1999-0745 | 1 Ibm | 1 Aix | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. | |||||
| CVE-1999-0566 | 1 Ibm | 1 Aix | 2008-09-09 | 5.0 MEDIUM | N/A |
| An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities. | |||||
| CVE-1999-0789 | 1 Ibm | 1 Aix | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in AIX ftpd in the libc library. | |||||
| CVE-1999-0694 | 1 Ibm | 1 Aix | 2008-09-09 | 2.1 LOW | N/A |
| Denial of service in AIX ptrace system call allows local users to crash the system. | |||||
| CVE-1999-0729 | 1 Ibm | 1 Lotus Domino Server | 2008-09-09 | 5.0 MEDIUM | N/A |
| Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. | |||||
| CVE-1999-0208 | 3 Ibm, Nec, Sgi | 5 Aix, Asl Ux 4800, Ews-ux V and 2 more | 2008-09-09 | 10.0 HIGH | N/A |
| rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. | |||||
| CVE-1999-0345 | 4 Freebsd, Ibm, Sco and 1 more | 7 Freebsd, Aix, Sng and 4 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. | |||||
| CVE-1999-0338 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| AIX Licensed Program Product performance tools allow local users to gain root access. | |||||
| CVE-1999-0337 | 1 Ibm | 1 Aix | 2008-09-09 | 7.5 HIGH | N/A |
| AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. | |||||
| CVE-1999-0064 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in AIX lquerylv program gives root access to local users. | |||||
| CVE-1999-0131 | 8 Bsdi, Digital, Eric Allman and 5 more | 9 Bsd Os, Osf 1, Sendmail and 6 more | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users. | |||||
| CVE-1999-0138 | 7 Apple, Digital, Freebsd and 4 more | 9 A Ux, Osf 1, Freebsd and 6 more | 2008-09-09 | 7.2 HIGH | N/A |
| The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access. | |||||
| CVE-1999-0041 | 5 Cray, Gnu, Ibm and 2 more | 6 Unicos, Unicos Max, Libc and 3 more | 2008-09-09 | 7.5 HIGH | N/A |
| Buffer overflow in NLS (Natural Language Service). | |||||
| CVE-1999-0086 | 1 Ibm | 1 Aix | 2008-09-09 | 5.0 MEDIUM | N/A |
| AIX routed allows remote users to modify sensitive files. | |||||
| CVE-1999-0087 | 1 Ibm | 1 Aix | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service in AIX telnet can freeze a system and prevent users from accessing the server. | |||||
| CVE-1999-0042 | 5 Bsdi, Caldera, Ibm and 2 more | 6 Bsd Os, Openlinux, Aix and 3 more | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. | |||||
| CVE-1999-0094 | 1 Ibm | 1 Aix | 2008-09-09 | 4.6 MEDIUM | N/A |
| AIX piodmgrsu command allows local users to gain additional group privileges. | |||||
| CVE-1999-0128 | 5 Digital, Ibm, Linux and 2 more | 9 Osf 1, Aix, Sng and 6 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death. | |||||
| CVE-1999-0101 | 1 Ibm | 1 Aix | 2008-09-09 | 10.0 HIGH | N/A |
| Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. | |||||
| CVE-1999-0130 | 7 Bsdi, Caldera, Eric Allman and 4 more | 7 Bsd Os, Network Desktop, Sendmail and 4 more | 2008-09-09 | 7.2 HIGH | N/A |
| Local users can start Sendmail in daemon mode and gain root privileges. | |||||
| CVE-1999-0014 | 3 Cde, Hp, Ibm | 4 Cde, Hp-ux, Vvos and 1 more | 2008-09-09 | 7.2 HIGH | N/A |
| Unauthorized privileged access or denial of service via dtappgather program in CDE. | |||||
| CVE-1999-0048 | 3 Debian, Ibm, Nec | 5 Netkit, Aix, Asl Ux 4800 and 2 more | 2008-09-09 | 10.0 HIGH | N/A |
| Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges. | |||||