Filtered by vendor Ibm
Subscribe
Total
6987 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3958 | 1 Ibm | 1 Db2 | 2023-12-10 | 7.5 HIGH | N/A |
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. | |||||
CVE-2009-0370 | 1 Ibm | 1 Aix | 2023-12-10 | 7.2 HIGH | N/A |
Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." | |||||
CVE-2009-3521 | 1 Ibm | 1 Tivoli Composite Application Manager For Wesbsphere | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2009-4325 | 1 Ibm | 1 Db2 | 2023-12-10 | 6.4 MEDIUM | N/A |
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | |||||
CVE-2009-4334 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.6 MEDIUM | N/A |
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | |||||
CVE-2007-6020 | 4 Activepdf, Autonomy, Ibm and 1 more | 5 Docconverter, Keyview, Lotus Notes and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file. | |||||
CVE-2009-2741 | 1 Ibm | 1 Websphere Business Events | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
CVE-2008-4691 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | |||||
CVE-2008-3550 | 1 Ibm | 1 Rational Clearquest | 2023-12-10 | 5.0 MEDIUM | N/A |
The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | |||||
CVE-2007-5405 | 4 Activepdf, Autonomy, Ibm and 1 more | 5 Docconverter, Keyview, Lotus Notes and 2 more | 2023-12-10 | 9.3 HIGH | N/A |
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING attribute in a *BEGIN tag, (2) a long token, or (3) the initial *BEGIN tag. | |||||
CVE-2009-0440 | 1 Ibm | 1 Websphere Partner Gateway | 2023-12-10 | 6.5 MEDIUM | N/A |
IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not properly handle failures of signature verification, which might allow remote authenticated users to submit a crafted RosettaNet (aka RNIF) document to a backend application, related to (1) "altered service content" and (2) "digital signature foot-print." | |||||
CVE-2009-0779 | 1 Ibm | 1 Aix | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string." | |||||
CVE-2009-2669 | 1 Ibm | 1 Aix | 2023-12-10 | 7.2 HIGH | N/A |
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | |||||
CVE-2008-1705 | 1 Ibm | 1 Soliddb | 2023-12-10 | 6.8 MEDIUM | N/A |
Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | |||||
CVE-2009-1240 | 1 Ibm | 4 Network Multi-function Security, Proventia Desktop Endpoint Security, Proventia Network Mail Security System and 1 more | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive. | |||||
CVE-2009-3087 | 2 Ibm, Microsoft | 2 Lotus Domino, Windows Server 2003 | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2023-12-10 | 10.0 HIGH | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | |||||
CVE-2008-1708 | 1 Ibm | 1 Soliddb | 2023-12-10 | 4.3 MEDIUM | N/A |
IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field. | |||||
CVE-2008-1598 | 1 Ibm | 1 Aix | 2023-12-10 | 4.7 MEDIUM | N/A |
The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. | |||||
CVE-2009-4152 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. |