Filtered by vendor Ibm
Total: 7122 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-3642 | 1 Ibm | 1 Informix Dynamic Database Server | 2024-02-28 | 7.5 HIGH | N/A |
IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username. | |||||
CVE-2006-2434 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | |||||
CVE-2004-2281 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. | |||||
CVE-2004-2478 | 3 Ca, Ibm, Jetty | 3 Unicenter Web Services Distributed Management, Trading Partner Interchange, Jetty Http Server | 2024-02-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
CVE-2006-0667 | 1 Ibm | 1 Aix | 2024-02-28 | 4.6 MEDIUM | N/A |
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. | |||||
CVE-2005-4735 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 6.8 MEDIUM | N/A |
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. | |||||
CVE-2005-2454 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 4.6 MEDIUM | N/A |
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | |||||
CVE-2005-2696 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. | |||||
CVE-2006-2342 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.5 HIGH | N/A |
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. | |||||
CVE-2006-3861 | 1 Ibm | 1 Informix Dynamic Server | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. | |||||
CVE-2005-4863 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 7.2 HIGH | N/A |
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | |||||
CVE-2006-2429 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers". | |||||
CVE-2004-2312 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. | |||||
CVE-2005-4868 | 2 Ibm, Microsoft | 2 Db2 Universal Database, Windows | 2024-02-28 | 2.1 LOW | 7.1 HIGH |
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | |||||
CVE-2006-4416 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program. | |||||
CVE-2005-4869 | 1 Ibm | 1 Db2 | 2024-02-28 | 2.1 LOW | N/A |
The (1) to_char and (2) to_date functions in IBM DB2 8.1 allow local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | |||||
CVE-2005-2712 | 1 Ibm | 1 Lotus Domino | 2024-02-28 | 7.8 HIGH | N/A |
The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. | |||||
CVE-2006-4681 | 1 Ibm | 1 Director | 2024-02-28 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. | |||||
CVE-2005-4870 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.3 MEDIUM | N/A |
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | |||||
CVE-2005-4867 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. |