Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-3854 | 1 Ibm | 1 Tivoli Storage Manager | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2008-4693 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||
CVE-2008-2515 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." | |||||
CVE-2009-4335 | 1 Ibm | 1 Db2 | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | |||||
CVE-2009-3037 | 3 Autonomy, Ibm, Symantec | 7 Keyview, Lotus Notes, Brightmail Appliance and 4 more | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. | |||||
CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2024-02-28 | 7.1 HIGH | N/A |
The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | |||||
CVE-2009-0856 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4325 | 1 Ibm | 1 Db2 | 2024-02-28 | 6.4 MEDIUM | N/A |
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | |||||
CVE-2008-4563 | 2 Ibm, Microsoft | 3 Tivoli Storage Manager, Tivoli Storage Manager Express, Windows | 2024-02-28 | 10.0 HIGH | N/A |
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value. | |||||
CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. | |||||
CVE-2008-4828 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2024-02-28 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in dsmagent.exe in the Remote Agent Service in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, and 5.4.0.0 through 5.4.1.96, and the TSM Express client 5.3.3.0 through 5.3.6.4, allow remote attackers to execute arbitrary code via (1) a request packet that is not properly parsed by an unspecified "generic string handling function" or (2) a crafted NodeName in a dicuGetIdentifyRequest request packet, related to the (a) Web GUI and (b) Java GUI. | |||||
CVE-2009-3518 | 1 Ibm | 1 Installation Manager | 2024-02-28 | 9.3 HIGH | N/A |
Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname. | |||||
CVE-2008-4801 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2024-02-28 | 10.0 HIGH | N/A |
Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port. | |||||
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2024-02-28 | 10.0 HIGH | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | |||||
CVE-2009-0432 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2008-5325 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-3550 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 5.0 MEDIUM | N/A |
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | |||||
CVE-2009-0508 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.5 HIGH | N/A |
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console. | |||||
CVE-2008-5035 | 1 Ibm | 1 Hardware Management Console | 2024-02-28 | 5.0 MEDIUM | N/A |
The Resource Monitoring and Control (RMC) daemon in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 and 3.3.0 SP2 allows remote attackers to cause a denial of service (daemon crash or hang) via a packet with an invalid length. |