Filtered by vendor Ibm
Subscribe
Total
8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3504 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code.
|
|||||
| CVE-2005-3060 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.
|
|||||
| CVE-1999-0338 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
AIX Licensed Program Product performance tools allow local users to gain root access.
|
|||||
| CVE-1999-0091 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX writesrv command allows local users to obtain root access.
|
|||||
| CVE-2001-0052 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 2.1 LOW | N/A |
|
IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
|
|||||
| CVE-2001-1189 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.6 MEDIUM | N/A |
|
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.
|
|||||
| CVE-2004-2131 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
|
|||||
| CVE-2000-0497 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
|
|||||
| CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2025-04-03 | 7.5 HIGH | N/A |
|
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
|
|||||
| CVE-2000-0844 | 13 Caldera, Conectiva, Debian and 10 more | 16 Openlinux, Openlinux Ebuilder, Openlinux Eserver and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
|
|||||
| CVE-2006-3853 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
|
|||||
| CVE-2005-3396 | 1 Ibm | 1 Aix | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
|
|||||
| CVE-1999-0429 | 1 Ibm | 1 Lotus Notes | 2025-04-03 | 7.5 HIGH | N/A |
|
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
|
|||||
| CVE-2002-1731 | 1 Ibm | 1 Os 400 | 2025-04-03 | 2.1 LOW | N/A |
|
The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF.
|
|||||
| CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
|
|||||
| CVE-2005-4864 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A |
|
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.
|
|||||
| CVE-2001-0671 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.
|
|||||
| CVE-2004-0263 | 2 Apache, Ibm | 2 Http Server, Http Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
|
|||||
| CVE-1999-1408 | 2 Hp, Ibm | 2 Hp-ux, Aix | 2025-04-03 | 2.1 LOW | N/A |
|
Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users to cause a denial of service (crash) by using a socket to connect to a port on the localhost, calling shutdown to clear the socket, then using the same socket to connect to a different port on localhost.
|
|||||
| CVE-2000-1168 | 1 Ibm | 1 Http Server | 2025-04-03 | 7.5 HIGH | N/A |
|
IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
|
|||||
| CVE-2003-0759 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.
|
|||||
| CVE-2005-2994 | 1 Ibm | 1 Rational Clearquest | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).
|
|||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
|
|||||
| CVE-2001-0998 | 1 Ibm | 2 Aix, Hacmp | 2025-04-03 | 5.0 MEDIUM | N/A |
|
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.
|
|||||
| CVE-1999-0009 | 11 Bsdi, Caldera, Data General and 8 more | 13 Bsd Os, Openlinux, Dg Ux and 10 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
|
|||||
| CVE-2002-1468 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
|
|||||
| CVE-2005-3498 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 4.3 MEDIUM | N/A |
|
IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.
|
|||||
| CVE-1999-0064 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in AIX lquerylv program gives root access to local users.
|
|||||
| CVE-2004-0544 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.
|
|||||
| CVE-2003-1051 | 1 Ibm | 1 Db2 | 2025-04-03 | 7.2 HIGH | N/A |
|
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
|
|||||
| CVE-1999-1405 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
|
snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
|
|||||
| CVE-1999-0097 | 3 Hp, Ibm, Sun | 4 Hp-ux, Aix, Solaris and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
|
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
|
|||||
| CVE-2004-0243 | 1 Ibm | 1 Aix | 2025-04-03 | 5.0 MEDIUM | N/A |
|
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
|
|||||
| CVE-2004-2526 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
|
|||||
| CVE-2000-0761 | 1 Ibm | 1 Os2 Ftp Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.
|
|||||
| CVE-2006-2435 | 1 Ibm | 1 Websphere Application Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts."
|
|||||
| CVE-2000-1110 | 1 Ibm | 1 Net.data | 2025-04-03 | 5.0 MEDIUM | N/A |
|
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
|
|||||
| CVE-2005-0417 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | 10.0 HIGH | N/A |
|
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor.
|
|||||
| CVE-2005-3289 | 1 Ibm | 1 Aix | 2025-04-03 | 2.1 LOW | N/A |
|
LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.
|
|||||
| CVE-2004-1329 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
|
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
|
|||||