VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2009-4329Dec 16, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.

  • CVE-2009-4328Dec 16, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.

  • CVE-2009-4327Dec 16, 2009
    risk 0.00cvss epss 0.02

    The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.

  • CVE-2009-4326Dec 16, 2009
    risk 0.00cvss epss 0.02

    The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on…

  • CVE-2009-4325Dec 16, 2009
    risk 0.00cvss epss 0.03

    The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

  • CVE-2009-4240Dec 9, 2009
    risk 0.00cvss epss 0.02

    Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.

  • CVE-2009-4239Dec 9, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-2749Dec 8, 2009
    risk 0.00cvss epss 0.01

    Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value.

  • CVE-2009-4153Dec 2, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory.

  • CVE-2009-4152Dec 2, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.

  • CVE-2009-4150Dec 2, 2009
    risk 0.00cvss epss 0.00

    dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.

  • CVE-2009-4052Nov 23, 2009
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via…

  • CVE-2009-2746Nov 16, 2009
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of…

  • CVE-2009-3935Nov 12, 2009
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.

  • CVE-2009-3900Nov 6, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).

  • CVE-2009-3855Nov 4, 2009
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read,…

  • CVE-2009-3854Nov 4, 2009
    risk 0.00cvss epss 0.06

    Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2009-0306Nov 4, 2009
    risk 0.00cvss epss 0.04

    Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in lnresobject.dll in BlackBerry Desktop Manager in Research In Motion (RIM) BlackBerry Desktop Software before 5.0.1 allows remote attackers to execute arbitrary code via a crafted web page. NOTE: some of these…

  • CVE-2009-3852Nov 3, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17."

  • CVE-2009-3816Oct 28, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-3745Oct 22, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2009-3521Oct 1, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2009-3517Oct 1, 2009
    risk 0.00cvss epss 0.04

    nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.

  • CVE-2009-3516Oct 1, 2009
    risk 0.00cvss epss 0.00

    gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.

  • CVE-2009-3473Sep 29, 2009
    risk 0.00cvss epss 0.02

    IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.

  • CVE-2009-3472Sep 29, 2009
    risk 0.00cvss epss 0.02

    IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.

  • CVE-2009-3471Sep 29, 2009
    risk 0.00cvss epss 0.02

    IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.

  • CVE-2009-3470Sep 29, 2009
    risk 0.00cvss epss 0.02

    IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.

  • CVE-2009-3453Sep 29, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.

  • CVE-2009-2744Sep 21, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to cause a denial of service via unknown vectors, related to "an error in fixpacks 6.1.0.23 and 6.1.0.25."

  • CVE-2009-2743Sep 21, 2009
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading…

  • CVE-2009-2742Sep 21, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.

  • CVE-2009-2741Sep 18, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2009-3262Sep 18, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.

  • CVE-2009-3161Sep 10, 2009
    risk 0.00cvss epss 0.02

    The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data.

  • CVE-2009-3160Sep 10, 2009
    risk 0.00cvss epss 0.02

    IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and 7.0.1.0, when read ahead or asynchronous message consumption is enabled, allows attackers to have an unspecified impact via unknown vectors, related to a "memory overwrite" issue.

  • CVE-2009-3159Sep 10, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors.

  • CVE-2009-3114Sep 9, 2009
    risk 0.00cvss epss 0.02

    The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.

  • CVE-2009-3106Sep 8, 2009
    risk 0.00cvss epss 0.03

    The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain…

  • CVE-2009-3105Sep 8, 2009
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.

  • CVE-2009-3090Sep 8, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable…

  • CVE-2009-3089Sep 8, 2009
    risk 0.00cvss epss 0.02

    IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux,…

  • CVE-2009-3088Sep 8, 2009
    risk 0.00cvss epss 0.02

    Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to have an unspecified impact via unknown vectors that trigger heap corruption, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of…

  • CVE-2009-3087Sep 8, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of…

  • CVE-2009-3037Sep 1, 2009
    risk 0.00cvss epss 0.06

    Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to…

  • CVE-2008-7131Aug 31, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to gain access to a database via a link to a victim who is already connected to the database.

  • CVE-2008-7130Aug 31, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier allows remote attackers to upload arbitrary files via unknown vectors.

  • CVE-2009-2956Aug 24, 2009
    risk 0.00cvss epss 0.01

    The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for…

  • CVE-2009-2860Aug 19, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

  • CVE-2009-2859Aug 19, 2009
    risk 0.00cvss epss 0.00

    IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

Page 152 of 166