VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2008-2514Jun 2, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors.

  • CVE-2008-2513Jun 2, 2008
    risk 0.00cvss epss 0.00

    Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows local users to execute arbitrary code in kernel mode via unknown attack vectors.

  • CVE-2008-2410May 22, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2221May 14, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.

  • CVE-2008-2163May 13, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors."

  • CVE-2008-1998Apr 28, 2008
    risk 0.00cvss epss 0.03

    The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

  • CVE-2008-1997Apr 28, 2008
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.

  • CVE-2008-1966Apr 27, 2008
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2)…

  • CVE-2007-5758Apr 16, 2008
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.

  • CVE-2007-5664Apr 16, 2008
    risk 0.00cvss epss 0.00

    db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.

  • CVE-2007-5405Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with…

  • CVE-2007-5399Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple heap-based buffer overflows in emlsr.dll in the EML reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, allow remote attackers to execute arbitrary code via a long (1) To, (2) Cc, (3) Bcc, (4) From, (5) Date, (6) Subject, (7) Priority, (8)…

  • CVE-2008-1101Apr 10, 2008
    risk 0.00cvss epss 0.06

    Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG…

  • CVE-2007-5406Apr 10, 2008
    risk 0.00cvss epss 0.03

    kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, does not properly parse long tokens, which allows remote attackers to cause a denial of service…

  • CVE-2008-0066Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2)…

  • CVE-2008-1718Apr 10, 2008
    risk 0.00cvss epss 0.03

    Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.

  • CVE-2007-6020Apr 10, 2008
    risk 0.00cvss epss 0.06

    Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long…

  • CVE-2008-1707Apr 9, 2008
    risk 0.00cvss epss 0.02

    IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field.

  • CVE-2008-1708Apr 9, 2008
    risk 0.00cvss epss 0.02

    IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field.

  • CVE-2008-1710Apr 9, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable.

  • CVE-2008-1705Apr 9, 2008
    risk 0.00cvss epss 0.03

    Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.

  • CVE-2008-1706Apr 9, 2008
    risk 0.00cvss epss 0.02

    Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field.

  • CVE-2008-1681Apr 4, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.

  • CVE-2008-1601Mar 31, 2008
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges.

  • CVE-2008-1600Mar 31, 2008
    risk 0.00cvss epss 0.00

    The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329.

  • CVE-2008-1595Mar 31, 2008
    risk 0.00cvss epss 0.00

    The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.

  • CVE-2008-1599Mar 31, 2008
    risk 0.00cvss epss 0.00

    The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking (1) atmstat, (2) entstat, (3) fddistat, (4) hdlcstat, or (5) tokstat.

  • CVE-2008-1592Mar 31, 2008
    risk 0.00cvss epss 0.00

    MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop and Tandem NSK platforms does not require mqm group membership for execution of administrative tasks, which allows local users to bypass intended access restrictions via the runmqsc program, related to "Pathway…

  • CVE-2008-1593Mar 31, 2008
    risk 0.00cvss epss 0.00

    The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably…

  • CVE-2008-1596Mar 31, 2008
    risk 0.00cvss epss 0.00

    Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a…

  • CVE-2008-1597Mar 31, 2008
    risk 0.00cvss epss 0.00

    The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."

  • CVE-2008-1594Mar 31, 2008
    risk 0.00cvss epss 0.00

    The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a…

  • CVE-2008-1598Mar 31, 2008
    risk 0.00cvss epss 0.00

    The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors.

  • CVE-2008-1483Mar 24, 2008
    risk 0.00cvss epss 0.00

    OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by…

  • CVE-2008-0949Mar 18, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.

  • CVE-2008-0727Mar 18, 2008
    risk 0.00cvss epss 0.05

    Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.

  • CVE-2008-1287Mar 11, 2008
    risk 0.00cvss epss 0.01

    IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error messages depending on whether the username is valid or invalid, which allows remote attackers to enumerate usernames.

  • CVE-2008-1288Mar 11, 2008
    risk 0.00cvss epss 0.01

    IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or remote attackers to obtain sensitive information about users by reading user cookies.

  • CVE-2008-1274Mar 10, 2008
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows local users to execute arbitrary code via a malicious program in the man directory.

  • CVE-2008-1217Mar 9, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706.

  • CVE-2008-1216Mar 9, 2008
    risk 0.00cvss epss 0.02

    IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count…

  • CVE-2007-6705Mar 9, 2008
    risk 0.00cvss epss 0.00

    The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client for Windows, when running in an MTS or a COM+ environment, grants the PROCESS_DUP_HANDLE privilege to the Everyone group upon connection to a queue manager, which allows local users to duplicate an arbitrary…

  • CVE-2007-6706Mar 9, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.

  • CVE-2008-1130Mar 4, 2008
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and 5.3 before Fix Pack 14 allows attackers to bypass access restrictions for a queue manager via a SVRCONN (MQ client) channel.

  • CVE-2008-0861Feb 21, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action.

  • CVE-2008-0862Feb 21, 2008
    risk 0.00cvss epss 0.02

    IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection.

  • CVE-2008-0834Feb 20, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS before 8.0.0.2 Hotfix 11, when anonymous access is disabled on HTTP ports, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-0768Feb 13, 2008
    risk 0.00cvss epss 0.04

    Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.

  • CVE-2008-0741Feb 13, 2008
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.

  • CVE-2008-0740Feb 13, 2008
    risk 0.00cvss epss 0.00

    IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file.

Page 156 of 166