Vendor CVEs
IBM
All CVEs
8,259 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3977 | | | 0.04 | — | 0.09 | | May 26, 2014 | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. |
| CVE-2013-3975 | | | 0.04 | — | 0.13 | | May 26, 2014 | Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. |
| CVE-2013-3986 | | | 0.04 | — | 0.09 | | Nov 8, 2013 | IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session. |
| CVE-2012-0744 | | | 0.04 | — | 0.08 | | Aug 17, 2012 | IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8)… |
| CVE-2011-3575 | | | 0.04 | — | 0.11 | | Sep 19, 2011 | Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf. |
| CVE-2011-1206 | | | 0.04 | — | 0.16 | | Apr 21, 2011 | Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka… |
| CVE-2011-1519 | | | 0.04 | — | 0.09 | | Mar 25, 2011 | The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing… |
| CVE-2011-0920 | | | 0.04 | — | 0.10 | | Feb 8, 2011 | The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS. |
| CVE-2011-0917 | | | 0.04 | — | 0.14 | | Feb 8, 2011 | Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX. |
| CVE-2010-3894 | | | 0.04 | — | 0.12 | | Nov 12, 2010 | Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code… |
| CVE-2010-4057 | | | 0.04 | — | 0.07 | | Oct 23, 2010 | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access… |
| CVE-2010-4056 | | | 0.04 | — | 0.08 | | Oct 23, 2010 | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via… |
| CVE-2010-4055 | | | 0.04 | — | 0.07 | | Oct 23, 2010 | Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive… |
| CVE-2009-2753 | | | 0.04 | — | 0.11 | | Mar 5, 2010 | Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute… |
| CVE-2010-0462 | | | 0.04 | — | 0.08 | | Jan 28, 2010 | Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function. |
| CVE-2009-3691 | | | 0.04 | — | 0.07 | | Oct 13, 2009 | Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field… |
| CVE-2009-0879 | | | 0.04 | — | 0.08 | | Mar 12, 2009 | The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. |
| CVE-2009-0172 | | | 0.04 | — | 0.08 | | Jan 16, 2009 | Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. |
| CVE-2008-1965 | | | 0.04 | — | 0.11 | | Apr 25, 2008 | Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai:… |
| CVE-2007-6593 | | | 0.04 | — | 0.06 | | Dec 28, 2007 | Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3… |
| CVE-2006-4254 | | | 0.04 | — | 0.07 | | Aug 21, 2006 | Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. |
| CVE-2006-0717 | | | 0.04 | — | 0.09 | | Feb 15, 2006 | IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. |
| CVE-2006-0513 | | | 0.04 | — | 0.09 | | Feb 6, 2006 | Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| CVE-2005-3498 | | | 0.04 | — | 0.11 | | Nov 4, 2005 | IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain… |
| CVE-2005-0986 | | | 0.04 | — | 0.07 | | May 2, 2005 | NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which… |
| CVE-2005-1112 | | | 0.04 | — | 0.09 | | May 2, 2005 | IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web… |
| CVE-2004-2526 | | | 0.04 | — | 0.09 | | Dec 31, 2004 | Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. |
| CVE-2004-2280 | | | 0.04 | — | 0.09 | | Dec 31, 2004 | Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN. |
| CVE-2002-1169 | | | 0.04 | — | 0.07 | | Nov 4, 2002 | IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. |
| CVE-2002-0554 | | | 0.04 | — | 0.07 | | Jul 3, 2002 | webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. |
| CVE-2001-0924 | | | 0.04 | — | 0.08 | | Nov 22, 2001 | Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter. |
| CVE-2001-0319 | | | 0.04 | — | 0.07 | | May 3, 2001 | orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. |
| CVE-2000-0848 | | | 0.04 | — | 0.06 | | Nov 14, 2000 | Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. |
| CVE-2000-0844 | | | 0.04 | — | 0.15 | | Nov 14, 2000 | Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. |
| CVE-2000-0652 | | | 0.04 | — | 0.08 | | Jul 24, 2000 | IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string. |
| CVE-1999-0009 | | | 0.04 | — | 0.29 | | Apr 8, 1998 | Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. |
| CVE-1999-0284 | | | 0.04 | — | 0.12 | | Jan 1, 1998 | Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command. |
| CVE-1999-0018 | | | 0.04 | — | 0.10 | | Dec 5, 1997 | Buffer overflow in statd allows root privileges. |
| CVE-1999-0042 | | | 0.04 | — | 0.13 | | Apr 7, 1997 | Buffer overflow in University of Washington's implementation of IMAP and POP servers. |
| CVE-1999-0041 | | | 0.04 | — | 0.09 | | Feb 13, 1997 | Buffer overflow in NLS (Natural Language Service). |
| CVE-1999-0101 | | | 0.04 | — | 0.08 | | Dec 10, 1996 | Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names. |
| CVE-1999-0208 | | | 0.04 | — | 0.13 | | Dec 12, 1995 | rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. |
| CVE-1999-0113 | | | 0.04 | — | 0.17 | | May 23, 1994 | Some implementations of rlogin allow root access if given a -froot parameter. |
| CVE-2015-0135 | | | 0.03 | — | 0.42 | | Apr 21, 2015 | IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9. |
| CVE-2015-0179 | | | 0.03 | — | 0.01 | | Apr 6, 2015 | Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. |
| CVE-2014-6137 | | | 0.03 | — | 0.02 | | Feb 16, 2015 | Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-8904 | | | 0.03 | — | 0.01 | | Jan 15, 2015 | lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. |
| CVE-2013-5467 | | | 0.03 | — | 0.01 | | Aug 29, 2014 | Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM… |
| CVE-2014-3081 | | | 0.03 | — | 0.04 | | Aug 17, 2014 | prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter. |
| CVE-2014-3080 | | | 0.03 | — | 0.04 | | Aug 17, 2014 | Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to… |