Filtered by vendor Ibm
Subscribe
Total
6987 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2023-12-10 | 10.0 HIGH | N/A |
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | |||||
CVE-2009-0880 | 2 Ibm, Microsoft | 2 Director, Windows | 2023-12-10 | 6.8 MEDIUM | N/A |
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. | |||||
CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2023-12-10 | 8.5 HIGH | N/A |
The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | |||||
CVE-2009-2092 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 7.5 HIGH | N/A |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
CVE-2009-1239 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | |||||
CVE-2008-5413 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
PerfServlet in the PMI/Performance Tools component in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 allows attackers to obtain sensitive information by reading the (1) systemout.log and (2) ffdc files. NOTE: this is probably a duplicate of CVE-2009-0434. | |||||
CVE-2009-0173 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream. | |||||
CVE-2008-5384 | 1 Ibm | 1 Aix | 2023-12-10 | 6.9 MEDIUM | N/A |
crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local users with aix.system.config.cron authorization to gain privileges by launching an editor. | |||||
CVE-2009-3262 | 1 Ibm | 1 Tivoli Identity Manager | 2023-12-10 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile. | |||||
CVE-2009-1901 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 10.0 HIGH | N/A |
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors. | |||||
CVE-2008-4808 | 1 Ibm | 1 Lotus Connections | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover passwords via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-1292 | 2 Ibm, Unix | 3 Aix, Rational Clearcase, Unix | 2023-12-10 | 2.1 LOW | N/A |
UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process. | |||||
CVE-2009-1905 | 1 Ibm | 1 Db2 | 2023-12-10 | 2.6 LOW | N/A |
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | |||||
CVE-2008-1707 | 1 Ibm | 1 Soliddb | 2023-12-10 | 4.3 MEDIUM | N/A |
IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. | |||||
CVE-2008-2514 | 1 Ibm | 1 Aix | 2023-12-10 | 4.6 MEDIUM | N/A |
Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. | |||||
CVE-2004-2762 | 1 Ibm | 2 Mvs, Tivoli Storage Manager | 2023-12-10 | 4.3 MEDIUM | N/A |
The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1. | |||||
CVE-2009-2743 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 2.1 LOW | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. | |||||
CVE-2008-3959 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | |||||
CVE-2009-1231 | 1 Ibm | 1 Db2 Content Manager | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors. | |||||
CVE-2009-0906 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 6.5 MEDIUM | N/A |
The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. |