Filtered by vendor Ibm
Subscribe
Total
7122 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | |||||
| CVE-2005-2994 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS). | |||||
| CVE-2006-0662 | 1 Ibm | 1 Lotus Domino Inotes Client | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. | |||||
| CVE-2005-3569 | 1 Ibm | 1 Db2 Content Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
| INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. | |||||
| CVE-2005-4272 | 1 Ibm | 1 Aix | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal. | |||||
| CVE-2006-0121 | 1 Ibm | 3 Lotus Domino, Lotus Domino Enterprise Server, Lotus Notes | 2024-02-28 | 7.8 HIGH | N/A |
| Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. | |||||
| CVE-2006-3859 | 1 Ibm | 1 Informix Dynamic Database Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. | |||||
| CVE-2006-2435 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." | |||||
| CVE-2005-4834 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container. | |||||
| CVE-2006-2433 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console". | |||||
| CVE-2006-2431 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous. | |||||
| CVE-2005-4736 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 6.8 MEDIUM | N/A |
| IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. | |||||
| CVE-2006-2647 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. | |||||
| CVE-2005-3568 | 1 Ibm | 1 Db2 Content Manager | 2024-02-28 | 2.1 LOW | N/A |
| db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING." | |||||
| CVE-2004-2388 | 1 Ibm | 1 Aix | 2024-02-28 | 10.0 HIGH | N/A |
| rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user. | |||||
| CVE-2004-2310 | 1 Ibm | 1 Lotus Domino | 2024-02-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. | |||||
| CVE-2005-1442 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | |||||
| CVE-2006-3066 | 1 Ibm | 1 Db2 Universal Database | 2024-02-28 | 5.0 MEDIUM | N/A |
| Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. | |||||
| CVE-2005-3498 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information. | |||||
| CVE-2005-2073 | 1 Ibm | 1 Db2 | 2024-02-28 | 2.1 LOW | N/A |
| Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | |||||