Filtered by vendor Ibm
Subscribe
Search
Total
6404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4885 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2021-09-20 | 1.9 LOW | 4.7 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909. | |||||
| CVE-2021-29777 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2021-09-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031. | |||||
| CVE-2021-29703 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659. | |||||
| CVE-2021-20579 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2021-09-20 | 3.5 LOW | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. | |||||
| CVE-2021-29702 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2021-09-20 | 5.0 MEDIUM | 7.5 HIGH |
| Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. | |||||
| CVE-2020-4607 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege Vault Remote On-premises, Windows | 2021-09-16 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884. | |||||
| CVE-2021-29727 | 1 Ibm | 2 Aix, Vios | 2021-09-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 201106. | |||||
| CVE-2016-0264 | 3 Ibm, Redhat, Suse | 13 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 10 more | 2021-09-09 | 6.8 MEDIUM | 5.6 MEDIUM |
| Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2021-29852 | 1 Ibm | 1 Planning Analytics | 2021-09-09 | 3.5 LOW | 5.4 MEDIUM |
| IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528. | |||||
| CVE-2021-29851 | 1 Ibm | 1 Planning Analytics | 2021-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 205527. | |||||
| CVE-2021-29853 | 1 Ibm | 1 Planning Analytics | 2021-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Planning Analytics 2.0 could expose information that could be used to to create attacks by not validating the return values from some methods or functions. IBM X-Force ID: 205529. | |||||
| CVE-2018-1985 | 2 Apple, Ibm | 2 Macos, Security Rapport | 2021-09-08 | 4.9 MEDIUM | 4.4 MEDIUM |
| IBM Trusteer Rapport/Apex 3.6.1908.22 contains an unused legacy driver which could allow a user with administrator privileges to cause a buffer overflow that would result in a kernel panic. IBM X-Force ID: 154207. | |||||
| CVE-2018-1882 | 5 Apple, Ibm, Linux and 2 more | 7 Macos, Aix, Spectrum Protect Backup-archive Client and 4 more | 2021-09-08 | 1.9 LOW | 4.7 MEDIUM |
| In a certain atypical IBM Spectrum Protect 7.1 and 8.1 configurations, the node password could be displayed in plain text in the IBM Spectrum Protect client trace file. IBM X-Force ID: 151968. | |||||
| CVE-2014-6184 | 4 Apple, Ibm, Linux and 1 more | 4 Macos, Tivoli Storage Manager, Linux Kernel and 1 more | 2021-09-08 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2021-29907 | 3 Ibm, Linux, Microsoft | 4 Openpages With Watson, Openpages Wtih Watson, Linux Kernel and 1 more | 2021-09-07 | 6.5 MEDIUM | 8.8 HIGH |
| IBM OpenPages with Watson 8.1 and 8.2 could allow an authenticated user to upload a file that could execute arbitrary code on the system. IBM X-Force ID: 207633. | |||||
| CVE-2021-29862 | 1 Ibm | 2 Aix, Vios | 2021-09-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 206086. | |||||
| CVE-2021-29801 | 1 Ibm | 2 Aix, Vios | 2021-09-07 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to gain root privileges. IBM X-Force ID: 203977. | |||||
| CVE-2021-29743 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2021-09-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201693. | |||||
| CVE-2021-29728 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Zseries and 5 more | 2021-09-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 201160. | |||||
| CVE-2021-29723 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Zseries and 5 more | 2021-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201100. | |||||
| CVE-2021-29722 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Linux On Zseries and 5 more | 2021-09-02 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201095. | |||||
| CVE-2021-29744 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2021-09-01 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 201694. | |||||
| CVE-2021-29772 | 1 Ibm | 1 Api Connect | 2021-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774. | |||||
| CVE-2020-4829 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960. | |||||
| CVE-2016-8972 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||||
| CVE-2016-6079 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88053. | |||||
| CVE-2016-0281 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW |
| The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, when the jumbo_frames feature is not enabled, allows remote attackers to cause a denial of service (FC1763 or FC5899 adapter crash) via crafted packets. | |||||
| CVE-2014-3074 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | N/A |
| The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. | |||||
| CVE-2020-4887 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit a vulnerability in the gencore user command to create arbitrary files in any directory. IBM X-Force ID: 190911. | |||||
| CVE-2012-4817 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 5.0 MEDIUM | N/A |
| The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2014-8904 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | N/A |
| lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||||
| CVE-2014-3977 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 6.9 MEDIUM | N/A |
| libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179. | |||||
| CVE-2016-0266 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.3 MEDIUM | 3.7 LOW |
| IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-0930 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.7 MEDIUM | N/A |
| The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, allows local users to cause a denial of service (system crash) or obtain sensitive information from kernel memory via a crafted PT_LDINFO operation. | |||||
| CVE-2012-4833 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 2.1 LOW | N/A |
| fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | |||||
| CVE-2012-0723 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.9 MEDIUM | N/A |
| The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2012-2200 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 7.2 HIGH | N/A |
| The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, allows local users to gain privileges by entering a command in a .forward file in a home directory. | |||||
| CVE-2012-4845 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 6.8 MEDIUM | N/A |
| The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | |||||
| CVE-2012-2192 | 1 Ibm | 2 Aix, Vios | 2021-08-31 | 4.9 MEDIUM | N/A |
| The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | |||||
| CVE-2021-29704 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security SOAR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||||
| CVE-2021-29802 | 1 Ibm | 1 Resilient Security Orchestration Automation And Response | 2021-08-26 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security SOAR performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | |||||
| CVE-2020-4992 | 1 Ibm | 1 Datapower Gateway | 2021-08-24 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 192737. | |||||
| CVE-2021-20509 | 1 Ibm | 1 Maximo Asset Management | 2021-08-20 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 198243. | |||||
| CVE-2021-20418 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-08-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Guardium 11.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 196279. | |||||
| CVE-2021-20427 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-08-19 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 196314. | |||||
| CVE-2021-20420 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-08-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium 11.2 could disclose sensitive information due to reliance on untrusted inputs that could aid in further attacks against the system. IBM X-Force ID: 196281. | |||||
| CVE-2021-20349 | 1 Ibm | 1 Tivoli Workload Scheduler | 2021-08-17 | 4.6 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599. | |||||
| CVE-2021-29739 | 1 Ibm | 1 Planning Analytics Local | 2021-08-17 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Planning Analytics Local 2.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. X-Force ID: 198846. | |||||
| CVE-2021-29714 | 1 Ibm | 1 Content Navigator | 2021-08-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968. | |||||
| CVE-2020-4707 | 1 Ibm | 1 Api Connect | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187370. | |||||