IBM

All CVEs

8,259 total · sorted by risk
  • CVE-2013-3977 · May 26, 2014
    risk 0.04 · cvss · epss 0.09

    The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names.

  • CVE-2013-3975 · May 26, 2014
    risk 0.04 · cvss · epss 0.13

    Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search.

  • CVE-2013-3986 · Nov 8, 2013
    risk 0.04 · cvss · epss 0.09

    IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.

  • CVE-2012-0744 · Aug 17, 2012
    risk 0.04 · cvss · epss 0.08

    IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8)…

  • CVE-2011-3575 · Sep 19, 2011
    risk 0.04 · cvss · epss 0.11

    Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.

  • CVE-2011-1206 · Apr 21, 2011
    risk 0.04 · cvss · epss 0.16

    Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka…

  • CVE-2011-1519 · Mar 25, 2011
    risk 0.04 · cvss · epss 0.09

    The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing…

  • CVE-2011-0920 · Feb 8, 2011
    risk 0.04 · cvss · epss 0.10

    The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.

  • CVE-2011-0917 · Feb 8, 2011
    risk 0.04 · cvss · epss 0.14

    Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.

  • CVE-2010-3894 · Nov 12, 2010
    risk 0.04 · cvss · epss 0.12

    Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code…

  • CVE-2010-4057 · Oct 23, 2010
    risk 0.04 · cvss · epss 0.07

    solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access…

  • CVE-2010-4056 · Oct 23, 2010
    risk 0.04 · cvss · epss 0.08

    solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via…

  • CVE-2010-4055 · Oct 23, 2010
    risk 0.04 · cvss · epss 0.07

    Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive…

  • CVE-2009-2753 · Mar 5, 2010
    risk 0.04 · cvss · epss 0.11

    Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute…

  • CVE-2010-0462 · Jan 28, 2010
    risk 0.04 · cvss · epss 0.08

    Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.

  • CVE-2009-3691 · Oct 13, 2009
    risk 0.04 · cvss · epss 0.07

    Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field…

  • CVE-2009-0879 · Mar 12, 2009
    risk 0.04 · cvss · epss 0.08

    The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.

  • CVE-2009-0172 · Jan 16, 2009
    risk 0.04 · cvss · epss 0.08

    Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.

  • CVE-2008-1965 · Apr 25, 2008
    risk 0.04 · cvss · epss 0.11

    Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai:…

  • CVE-2007-6593 · Dec 28, 2007
    risk 0.04 · cvss · epss 0.06

    Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3…

  • CVE-2006-4254 · Aug 21, 2006
    risk 0.04 · cvss · epss 0.07

    Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors.

  • CVE-2006-0717 · Feb 15, 2006
    risk 0.04 · cvss · epss 0.09

    IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite.

  • CVE-2006-0513 · Feb 6, 2006
    risk 0.04 · cvss · epss 0.09

    Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

  • CVE-2005-3498 · Nov 4, 2005
    risk 0.04 · cvss · epss 0.11

    IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain…

  • CVE-2005-0986 · May 2, 2005
    risk 0.04 · cvss · epss 0.07

    NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which…

  • CVE-2005-1112 · May 2, 2005
    risk 0.04 · cvss · epss 0.09

    IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web…

  • CVE-2004-2526 · Dec 31, 2004
    risk 0.04 · cvss · epss 0.09

    Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.

  • CVE-2004-2280 · Dec 31, 2004
    risk 0.04 · cvss · epss 0.09

    Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.

  • CVE-2002-1169 · Nov 4, 2002
    risk 0.04 · cvss · epss 0.07

    IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.

  • CVE-2002-0554 · Jul 3, 2002
    risk 0.04 · cvss · epss 0.07

    webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.

  • CVE-2001-0924 · Nov 22, 2001
    risk 0.04 · cvss · epss 0.08

    Directory traversal vulnerability in ifx CGI program in Informix Web DataBlade allows remote attackers to read arbitrary files via a .. (dot dot) in the LO parameter.

  • CVE-2001-0319 · May 3, 2001
    risk 0.04 · cvss · epss 0.07

    orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

  • CVE-2000-0848 · Nov 14, 2000
    risk 0.04 · cvss · epss 0.06

    Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.

  • CVE-2000-0844 · Nov 14, 2000
    risk 0.04 · cvss · epss 0.15

    Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

  • CVE-2000-0652 · Jul 24, 2000
    risk 0.04 · cvss · epss 0.08

    IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

  • CVE-1999-0009 · Apr 8, 1998
    risk 0.04 · cvss · epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

  • CVE-1999-0284 · Jan 1, 1998
    risk 0.04 · cvss · epss 0.12

    Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command.

  • CVE-1999-0018 · Dec 5, 1997
    risk 0.04 · cvss · epss 0.10

    Buffer overflow in statd allows root privileges.

  • CVE-1999-0042 · Apr 7, 1997
    risk 0.04 · cvss · epss 0.13

    Buffer overflow in University of Washington's implementation of IMAP and POP servers.

  • CVE-1999-0041 · Feb 13, 1997
    risk 0.04 · cvss · epss 0.09

    Buffer overflow in NLS (Natural Language Service).

  • CVE-1999-0101 · Dec 10, 1996
    risk 0.04 · cvss · epss 0.08

    Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

  • CVE-1999-0208 · Dec 12, 1995
    risk 0.04 · cvss · epss 0.13

    rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

  • CVE-1999-0113 · May 23, 1994
    risk 0.04 · cvss · epss 0.17

    Some implementations of rlogin allow root access if given a -froot parameter.

  • CVE-2015-0135 · Apr 21, 2015
    risk 0.03 · cvss · epss 0.42

    IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.

  • CVE-2015-0179 · Apr 6, 2015
    risk 0.03 · cvss · epss 0.01

    Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.

  • CVE-2014-6137 · Feb 16, 2015
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2014-8904 · Jan 15, 2015
    risk 0.03 · cvss · epss 0.01

    lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.

  • CVE-2013-5467 · Aug 29, 2014
    risk 0.03 · cvss · epss 0.01

    Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM…

  • CVE-2014-3081 · Aug 17, 2014
    risk 0.03 · cvss · epss 0.04

    prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.

  • CVE-2014-3080 · Aug 17, 2014
    risk 0.03 · cvss · epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to kvm.cgi or (2) the key parameter to…
