Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1124 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
|
|||||
| CVE-2002-1583 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.
|
|||||
| CVE-2003-0181 | 1 Ibm | 1 Lotus Domino Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.
|
|||||
| CVE-2001-0533 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
|
|||||
| CVE-2006-4522 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.
|
|||||
| CVE-2006-0117 | 1 Ibm | 3 Lotus Domino, Lotus Domino Enterprise Server, Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".
|
|||||
| CVE-2004-0668 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
|
|||||
| CVE-2001-0982 | 1 Ibm | 1 Tivoli Secureway Policy Director | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.
|
|||||
| CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.
|
|||||
| CVE-2005-4413 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.
|
|||||
| CVE-2002-0554 | 1 Ibm | 1 Informix Web Datablade | 2025-04-03 | 7.5 HIGH | N/A |
|
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.
|
|||||
| CVE-2001-0312 | 1 Ibm | 1 Websphere Plugin | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.
|
|||||
| CVE-2002-0555 | 1 Ibm | 1 Informix Web Datablade | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.
|
|||||
| CVE-2006-3855 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 6.5 MEDIUM | N/A |
|
The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."
|
|||||
| CVE-2002-1548 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."
|
|||||
| CVE-2005-1037 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.
|
|||||
| CVE-2002-1690 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown vulnerability in AIX before 4.0 with unknown attack vectors and unknown impact, aka "security issue," as fixed by APAR IY28225.
|
|||||
| CVE-1999-0055 | 2 Ibm, Sun | 3 Aix, Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflows in Sun libnsl allow root access.
|
|||||
| CVE-2001-0446 | 1 Ibm | 1 Websphere Commerce Suite | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
|
|||||
| CVE-2005-2233 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.
|
|||||
| CVE-1999-0208 | 3 Ibm, Nec, Sgi | 5 Aix, Asl Ux 4800, Ews-ux V and 2 more | 2025-04-03 | 10.0 HIGH | N/A |
|
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
|
|||||
| CVE-2003-1437 | 6 Bea, Hp, Ibm and 3 more | 8 Weblogic Server, Hp-ux, Aix and 5 more | 2025-04-03 | 2.1 LOW | N/A |
|
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
|
|||||
| CVE-2002-0743 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.
|
|||||
| CVE-2005-2091 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
|
|||||
| CVE-2004-2478 | 3 Ca, Ibm, Jetty | 3 Unicenter Web Services Distributed Management, Trading Partner Interchange, Jetty Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
|||||
| CVE-1999-0718 | 1 Ibm | 1 Gina | 2025-04-03 | 6.2 MEDIUM | N/A |
|
IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
|
|||||
| CVE-2005-3749 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.
|
|||||
| CVE-1999-0085 | 3 Freebsd, Ibm, Netbsd | 3 Freebsd, Aix, Netbsd | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
|
|||||
| CVE-2005-2696 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
|
|||||
| CVE-2005-3569 | 1 Ibm | 1 Db2 Content Manager | 2025-04-03 | 5.0 MEDIUM | N/A |
|
INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files.
|
|||||
| CVE-1999-0072 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX xdat gives root access to local users.
|
|||||
| CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 6.8 MEDIUM | N/A |
|
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.
|
|||||
| CVE-1999-1121 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.
|
|||||
| CVE-2006-4416 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.
|
|||||
| CVE-2001-0552 | 2 Hp, Ibm | 2 Openview Network Node Manager, Tivoli Netview | 2025-04-03 | 10.0 HIGH | N/A |
|
ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.
|
|||||
| CVE-2003-0180 | 1 Ibm | 1 Lotus Domino Web Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.
|
|||||
| CVE-2002-2014 | 1 Ibm | 1 Lotus Domino | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows remote attackers to determine valid user names and makes it easier to conduct brute force attacks.
|
|||||
| CVE-2005-4068 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.
|
|||||
| CVE-1999-0691 | 4 Cde, Digital, Ibm and 1 more | 5 Cde, Unix, Aix and 2 more | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
|
|||||
| CVE-1999-1404 | 1 Ibm | 1 Tivoli Opc Tracker Agent | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.
|
|||||