Filtered by vendor Ibm
Total: 6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0057 | 5 Eric Allman, Freebsd, Hp and 2 more | 7 Vacation, Freebsd, Hp-ux and 4 more | 2008-09-09 | 7.5 HIGH | N/A |
| Vacation program allows command execution by remote users through a sendmail command. | |||||
| CVE-1999-0092 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| Various vulnerabilities in the AIX portmir command allow local users to obtain root access. | |||||
| CVE-1999-0091 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in AIX writesrv command allows local users to obtain root access. | |||||
| CVE-1999-0090 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in AIX rcp command allows local users to obtain root access. | |||||
| CVE-1999-0019 | 7 Data General, Ibm, Ncr and 4 more | 10 Dg Ux, Aix, Mp-ras and 7 more | 2008-09-09 | 5.0 MEDIUM | N/A |
| Delete or create a file via rpc.statd, due to invalid information. | |||||
| CVE-1999-0017 | 9 Caldera, Freebsd, Gnu and 6 more | 11 Openlinux, Freebsd, Inet and 8 more | 2008-09-09 | 7.5 HIGH | N/A |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. | |||||
| CVE-1999-0117 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| AIX passwd allows local users to gain root access. | |||||
| CVE-1999-0116 | 1 Ibm | 2 Aix, Sng | 2008-09-09 | 5.0 MEDIUM | N/A |
| Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. | |||||
| CVE-1999-0115 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| AIX bugfiler program allows local users to gain root access. | |||||
| CVE-1999-0122 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in AIX lchangelv gives root access. | |||||
| CVE-1999-0072 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| Buffer overflow in AIX xdat gives root access to local users. | |||||
| CVE-1999-0111 | 1 Ibm | 1 Aix | 2008-09-09 | 5.0 MEDIUM | N/A |
| RIP v1 is susceptible to spoofing. | |||||
| CVE-1999-0033 | 5 Ibm, Ncr, Sco and 2 more | 7 Aix, Mp-ras, Open Desktop and 4 more | 2008-09-09 | 7.2 HIGH | N/A |
| Command execution in Sun systems via buffer overflow in the at program. | |||||
| CVE-1999-0113 | 1 Ibm | 1 Aix | 2008-09-09 | 10.0 HIGH | N/A |
| Some implementations of rlogin allow root access if given a -froot parameter. | |||||
| CVE-1999-0093 | 1 Ibm | 1 Aix | 2008-09-09 | 7.2 HIGH | N/A |
| AIX nslookup command allows local users to obtain root access by not dropping privileges correctly. | |||||
| CVE-2007-5559 | 1 Ibm | 1 Thinkvantage Tpm | 2008-09-05 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2007-5757 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697. | |||||
| CVE-2007-4309 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 3.5 LOW | N/A |
| IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696. | |||||
| CVE-2007-3676 | 1 Ibm | 1 Db2 | 2008-09-05 | 10.0 HIGH | N/A |
| IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698. | |||||
| CVE-2007-1941 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843. | |||||
| CVE-2006-7164 | 3 Ibm, Linux, Unix | 3 Websphere Application Server, Linux Kernel, Unix | 2008-09-05 | 4.3 MEDIUM | N/A |
| SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | |||||
| CVE-2006-6638 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | |||||
| CVE-2006-6836 | 1 Ibm | 1 Os 400 | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing. | |||||
| CVE-2006-3778 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients. | |||||
| CVE-2006-1948 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 4.0 MEDIUM | N/A |
| The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient. | |||||
| CVE-2005-4737 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.5 HIGH | N/A |
| IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. | |||||
| CVE-2005-4740 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 4.0 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." | |||||
| CVE-2005-4739 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. | |||||
| CVE-2005-4738 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.5 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. | |||||
| CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||||
| CVE-2005-4735 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. | |||||
| CVE-2005-4413 | 1 Ibm | 1 Websphere Application Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1. | |||||
| CVE-2005-3643 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 7.5 HIGH | N/A |
| IBM DB2 Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account without supplying a password. | |||||
| CVE-2005-3642 | 1 Ibm | 1 Informix Dynamic Database Server | 2008-09-05 | 7.5 HIGH | N/A |
| IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. | |||||
| CVE-2005-3289 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file. | |||||
| CVE-2005-3015 | 1 Ibm | 2 Lotus Domino, Lotus Domino Enterprise Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. | |||||
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2175 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
| CVE-2005-2232 | 1 Ibm | 1 Aix | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-2233 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. | |||||
| CVE-2005-2238 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. | |||||
| CVE-2005-2234 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2005-2236 | 1 Ibm | 1 Aix | 2008-09-05 | 7.2 HIGH | N/A |
| Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. | |||||
| CVE-2005-2073 | 1 Ibm | 1 Db2 | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | |||||
| CVE-2005-1037 | 1 Ibm | 1 Aix | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. | |||||
| CVE-2005-0991 | 1 Ibm | 1 Aix | 2008-09-05 | 2.1 LOW | N/A |
| RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files. | |||||
| CVE-2005-0425 | 1 Ibm | 1 Websphere Application Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in IBM WebSphere Application Server 5.0, 5.1, and 6.0 when running on Windows allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. | |||||
| CVE-2005-0539 | 1 Ibm | 1 Hardware Management Console | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. | |||||
| CVE-2004-2667 | 1 Ibm | 1 Lotus Domino | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
