Filtered by vendor Ibm
Subscribe
Total
6987 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3236 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. | |||||
CVE-2008-4678 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 7.8 HIGH | N/A |
The HTTP_Request_Parser method in the HTTP Transport component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 allows remote attackers to cause a denial of service (controller 0C4 abend and application hang) via a long HTTP Host header, related to "storage overlay" on the stack and a "parse failure." | |||||
CVE-2008-4693 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||
CVE-2008-3423 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 7.5 HIGH | N/A |
IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | |||||
CVE-2009-0432 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
The installation process for the File Transfer servlet in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.19 does not enable the secure version, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2009-0507 | 1 Ibm | 1 Websphere Process Server | 2023-12-10 | 4.0 MEDIUM | N/A |
IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before 6.2.0.1 does not properly restrict configuration data during an export of the cluster configuration file from the administrative console, which allows remote authenticated users to obtain the (1) JMSAPI, (2) ESCALATION, and (3) MAILSESSION (aka mail session) cleartext passwords via vectors involving access to a cluster member. | |||||
CVE-2009-4240 | 1 Ibm | 1 Infosphere Information Server | 2023-12-10 | 10.0 HIGH | N/A |
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors. | |||||
CVE-2008-5411 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL traffic over "unsecured TCP," which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | |||||
CVE-2008-2880 | 1 Ibm | 1 Afp Viewer Plug-in | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2009-1355 | 1 Ibm | 1 Aix | 2023-12-10 | 7.2 HIGH | N/A |
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename. | |||||
CVE-2008-3853 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 9.3 HIGH | N/A |
Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676. | |||||
CVE-2009-4332 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | |||||
CVE-2009-1906 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.3 MEDIUM | N/A |
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | |||||
CVE-2009-1172 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 10.0 HIGH | N/A |
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors. | |||||
CVE-2009-3089 | 1 Ibm | 1 Tivoli Directory Server | 2023-12-10 | 7.8 HIGH | N/A |
IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2009-0172 | 1 Ibm | 1 Db2 Universal Database | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | |||||
CVE-2009-3470 | 1 Ibm | 1 Informix Dynamic Server | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection. | |||||
CVE-2008-5329 | 1 Ibm | 1 Rational Clearquest | 2023-12-10 | 7.5 HIGH | N/A |
ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows remote servers to direct a client's submissions and changes to an arbitrary database by specifying multiple comma-separated server identifiers on the JTLRMIREGISTRYSERVERS line in a jtl.properties file. | |||||
CVE-2008-5326 | 2 Ibm, Microsoft | 2 Rational Clearquest, Windows | 2023-12-10 | 4.4 MEDIUM | N/A |
The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 before 7.0.0.4 and 7.0.1 before 7.0.1.3 on Windows allows local users to obtain (1) user and (2) database passwords by using a password revealer utility on a field containing a series of asterisks. | |||||
CVE-2008-5675 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI." |