Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1250 | 3 Ibm, Linux, Openafs | 3 Afs, Linux Kernel, Openafs | 2024-02-28 | 7.8 HIGH | N/A |
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro. | |||||
CVE-2008-4806 | 1 Ibm | 1 Lotus Connections | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-0178 | 1 Ibm | 1 Hardware Management Console | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors. | |||||
CVE-2008-1599 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat. | |||||
CVE-2008-5412 | 2 Ibm, Microsoft | 2 Websphere Application Server, Windows | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438. | |||||
CVE-2008-3855 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | |||||
CVE-2009-1899 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin." | |||||
CVE-2008-4581 | 1 Ibm | 1 Enovia Smarteam | 2024-02-28 | 4.0 MEDIUM | N/A |
The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. | |||||
CVE-2009-0306 | 2 Ibm, Rim | 2 Lotus Notes Intellisync, Blackberry Desktop Software | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2514 | 1 Ibm | 1 Aix | 2024-02-28 | 4.6 MEDIUM | N/A |
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. | |||||
CVE-2009-1786 | 1 Ibm | 1 Aix | 2024-02-28 | 6.9 MEDIUM | N/A |
The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable. | |||||
CVE-2009-0370 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." | |||||
CVE-2008-4679 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.8 MEDIUM | N/A |
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when Certificate Store Collections is configured to use Certificate Revocation Lists (CRL), does not call the setRevocationEnabled method on the PKIXBuilderParameters object, which prevents the "Java security method" from checking the revocation status of X.509 certificates and allows remote attackers to bypass intended access restrictions via a SOAP message with a revoked certificate. | |||||
CVE-2009-1292 | 2 Ibm, Unix | 3 Aix, Rational Clearcase, Unix | 2024-02-28 | 2.1 LOW | N/A |
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. | |||||
CVE-2009-4329 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | |||||
CVE-2009-2858 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | |||||
CVE-2009-0391 | 1 Ibm | 2 Websphere Application Server, Zos | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors. | |||||
CVE-2009-2669 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | |||||
CVE-2009-2744 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25." | |||||
CVE-2008-1710 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable. |