Filtered by vendor Ibm
Subscribe
Total
6987 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3730 | 1 Ibm | 1 Rational Requisitepro | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp. | |||||
| CVE-2009-3691 | 1 Ibm | 2 Informix Client Sdk, Informix Connect Runtime | 2023-12-10 | 9.3 HIGH | N/A |
| Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4052 | 1 Ibm | 2 Rational Application Developer For Websphere, Rational Software Architect | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. | |||||
| CVE-2008-1592 | 3 Hp, Ibm, Tandem Computers | 3 Nonstop, Websphere Mq, Tandem Operating System | 2023-12-10 | 4.6 MEDIUM | N/A |
| MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway panels." | |||||
| CVE-2008-3856 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 7.5 HIGH | N/A |
| The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | |||||
| CVE-2008-1593 | 1 Ibm | 1 Aix | 2023-12-10 | 7.2 HIGH | N/A |
| The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function. | |||||
| CVE-2009-0506 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2023-12-10 | 6.2 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks. | |||||
| CVE-2009-1250 | 3 Ibm, Linux, Openafs | 3 Afs, Linux Kernel, Openafs | 2023-12-10 | 7.8 HIGH | N/A |
| The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro. | |||||
| CVE-2008-2550 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. | |||||
| CVE-2008-1101 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2023-12-10 | 9.3 HIGH | N/A |
| Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document. | |||||
| CVE-2008-5043 | 1 Ibm | 1 Metrica Service Assurance Framework | 2023-12-10 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web-based interface in IBM Metrica Service Assurance Framework allow remote authenticated users to inject arbitrary web script or HTML via (1) the elementid parameter in a generatedreportresults action to the ReportTree program, (2) the jnlpname parameter to the Launch program, or (3) the :tasklabel parameter to the ReportRequest program, related to the name of a report. | |||||
| CVE-2009-1521 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2023-12-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors. | |||||
| CVE-2008-0949 | 1 Ibm | 1 Informix Dynamic Server | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. | |||||
| CVE-2009-3853 | 1 Ibm | 1 Tivoli Storage Manager | 2023-12-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet. | |||||
| CVE-2009-4329 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | |||||
| CVE-2008-1965 | 1 Ibm | 2 Lotus Expeditor Client, Lotus Symphany | 2023-12-10 | 9.3 HIGH | N/A |
| Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname. | |||||
| CVE-2009-2583 | 1 Ibm | 1 Tivoli Identity Manager | 2023-12-10 | 6.8 MEDIUM | N/A |
| Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces. | |||||
| CVE-2008-1718 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2023-12-10 | 9.3 HIGH | N/A |
| Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment. | |||||
| CVE-2009-0903 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | |||||
| CVE-2009-3090 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2023-12-10 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||