Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6052 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | 7.8 HIGH | N/A |
|
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
|
|||||
| CVE-2006-6135 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).
|
|||||
| CVE-2008-1601 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.
|
|||||
| CVE-2008-1705 | 1 Ibm | 1 Soliddb | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.
|
|||||
| CVE-2009-3699 | 1 Ibm | 2 Aix, Vios | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
|
|||||
| CVE-2003-0898 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 4.6 MEDIUM | N/A |
|
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
|
|||||
| CVE-1999-0337 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A |
|
AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.
|
|||||
| CVE-2000-0505 | 2 Apache, Ibm | 2 Http Server, Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
|
|||||
| CVE-2002-1169 | 1 Ibm | 1 Websphere Caching Proxy Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
|
|||||
| CVE-1999-1079 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.
|
|||||
| CVE-2002-1686 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in lscfg of unknown versions of AIX has unknown impact.
|
|||||
| CVE-2001-0962 | 1 Ibm | 2 Websphere Application Server, Websphere Commerce Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
|
|||||
| CVE-2003-0784 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.
|
|||||
| CVE-2004-2663 | 1 Ibm | 1 Egatherer | 2025-04-03 | 7.5 HIGH | N/A |
|
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
|
|||||
| CVE-2002-0037 | 1 Ibm | 1 Lotus Domino Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.
|
|||||
| CVE-2004-1621 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 4.3 MEDIUM | N/A |
|
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do no ...
Show More |
|||||
| CVE-2002-0678 | 7 Caldera, Compaq, Hp and 4 more | 9 Openunix, Unixware, Tru64 and 6 more | 2025-04-03 | 7.2 HIGH | N/A |
|
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
|
|||||
| CVE-2004-1028 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.
|
|||||
| CVE-2005-2175 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
|
|||||
| CVE-2004-0586 | 1 Ibm | 1 Acprunner | 2025-04-03 | 10.0 HIGH | N/A |
|
acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods.
|
|||||
| CVE-2001-1330 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.
|
|||||
| CVE-2006-3231 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."
|
|||||
| CVE-2004-0029 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
|
|||||
| CVE-2006-0133 | 1 Ibm | 1 Aix | 2025-04-03 | 3.6 LOW | N/A |
|
Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273.
|
|||||
| CVE-2002-1551 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-1999-0117 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
AIX passwd allows local users to gain root access.
|
|||||
| CVE-2006-2429 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".
|
|||||
| CVE-2006-0674 | 1 Ibm | 1 Aix | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.
|
|||||
| CVE-2003-0028 | 10 Cray, Freebsd, Gnu and 7 more | 13 Unicos, Freebsd, Glibc and 10 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
|
|||||
| CVE-2001-1310 | 1 Ibm | 1 Secureway Directory | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.
|
|||||
| CVE-2000-1239 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-03 | 9.0 HIGH | N/A |
|
The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified manipulation of log files.
|
|||||
| CVE-2002-1167 | 1 Ibm | 1 Websphere Caching Proxy Server | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP GET request.
|
|||||
| CVE-2005-2170 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data.
|
|||||
| CVE-1999-0089 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX libDtSvc library can allow local users to gain root access.
|
|||||
| CVE-2005-1442 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.
|
|||||
| CVE-2004-2319 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2025-04-03 | 3.6 LOW | N/A |
|
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
|
|||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.
|
|||||
| CVE-1999-0115 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
AIX bugfiler program allows local users to gain root access.
|
|||||
| CVE-2002-1153 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
|
|||||
| CVE-2001-0319 | 1 Ibm | 3 Net.commerce, Net.commerce Hosting Server, Websphere Commerce Suite | 2025-04-03 | 7.5 HIGH | N/A |
|
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
|
|||||