Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0949 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. | |||||
| CVE-2007-4798 | 1 Ibm | 1 Aix | 2025-04-09 | 6.6 MEDIUM | N/A |
| Unspecified vulnerability in invscout in Inventory Scout in invscout.rte in IBM AIX 5.2 and 5.3 allows local users to delete system files that have names matching the final substring of a hostname alias, as demonstrated by hostnames ending in "unix". | |||||
| CVE-2008-1707 | 1 Ibm | 1 Soliddb | 2025-04-09 | 4.3 MEDIUM | N/A |
| IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. | |||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2025-04-09 | 7.1 HIGH | N/A |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | |||||
| CVE-2007-4417 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 6.0 MEDIUM | N/A |
| IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed. | |||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.5 MEDIUM | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | |||||
| CVE-2008-4805 | 1 Ibm | 1 Lotus Connections | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-6051 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
| IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | |||||
| CVE-2007-1086 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 Universal Database and 3 more | 2025-04-09 | 7.2 HIGH | N/A |
| Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." | |||||
| CVE-2009-3089 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-09 | 7.8 HIGH | N/A |
| IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2009-4329 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | |||||
| CVE-2007-5544 | 1 Ibm | 2 Lotus Domino, Lotus Notes | 2025-04-09 | 6.2 MEDIUM | 7.8 HIGH |
| IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | |||||
| CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-04-09 | 8.5 HIGH | N/A |
| The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | |||||
| CVE-2008-3854 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 7.8 HIGH | N/A |
| Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. | |||||
| CVE-2007-5652 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.8 HIGH | N/A |
| IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | |||||
| CVE-1999-0115 | 1 Ibm | 1 Aix | 2025-04-03 | 7.2 HIGH | N/A |
| AIX bugfiler program allows local users to gain root access. | |||||
| CVE-1999-1275 | 1 Ibm | 1 Lotus Cc Mail | 2025-04-03 | 4.6 MEDIUM | N/A |
| Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges. | |||||
| CVE-1999-1119 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2001-1080 | 1 Ibm | 1 Aix | 2025-04-03 | 10.0 HIGH | N/A |
| diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program. | |||||
| CVE-2001-0390 | 1 Ibm | 3 Net.commerce, Net.commerce Hosting Server, Websphere Application Server | 2025-04-03 | 5.0 MEDIUM | N/A |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. | |||||