IBM
All CVEs
8,287 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4237 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. |
| CVE-2007-4236 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges. |
| CVE-2007-4228 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument. |
| CVE-2007-4142 | | | 0.00 | — | 0.01 | | Aug 3, 2007 | Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting. |
| CVE-2007-3960 | | | 0.00 | — | 0.02 | | Jul 24, 2007 | Multiple unspecified vulnerabilities in IBM WebSphere Application Server (WAS) before Fix Pack 21 (6.0.2.21) have unknown impact and attack vectors, aka (1) PK33799, or (2) a "Potential security exposure" in the Samples component (PK40213). |
| CVE-2007-3830 | | | 0.00 | — | 0.02 | | Jul 17, 2007 | Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. |
| CVE-2007-3831 | | | 0.00 | — | 0.05 | | Jul 17, 2007 | PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2007-3680 | | | 0.00 | — | 0.00 | | Jul 11, 2007 | Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable. |
| CVE-2007-3537 | | | 0.00 | — | 0.01 | | Jul 3, 2007 | IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. |
| CVE-2007-3397 | | | 0.00 | — | 0.02 | | Jun 26, 2007 | The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive… |
| CVE-2007-3262 | | | 0.00 | — | 0.03 | | Jun 19, 2007 | Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant… |
| CVE-2007-3265 | | | 0.00 | — | 0.02 | | Jun 19, 2007 | Cross-site scripting (XSS) vulnerability in the Samples component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2007-3264 | | | 0.00 | — | 0.02 | | Jun 19, 2007 | Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors. |
| CVE-2007-3263 | | | 0.00 | — | 0.02 | | Jun 19, 2007 | Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." |
| CVE-2007-3128 | | | 0.00 | — | 0.01 | | Jun 19, 2007 | SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2007-3232 | | | 0.00 | — | 0.03 | | Jun 15, 2007 | The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard… |
| CVE-2007-0068 | | | 0.00 | — | 0.02 | | Jun 6, 2007 | IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. |
| CVE-2007-2996 | | | 0.00 | — | 0.00 | | Jun 4, 2007 | Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships… |
| CVE-2007-2995 | | | 0.00 | — | 0.01 | | Jun 4, 2007 | Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and 5.3.0 has unknown impact and attack vectors. |
| CVE-2007-2690 | | | 0.00 | — | 0.02 | | May 16, 2007 | Multiple IBM ISS Proventia Series products, including the A, G, and M series, do not properly handle certain full-width and half-width Unicode character encodings, which might allow remote attackers to evade detection of HTTP traffic. |
| CVE-2006-7198 | | | 0.00 | — | 0.02 | | Apr 30, 2007 | Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123. |
| CVE-2007-1945 | | | 0.00 | — | 0.01 | | Apr 11, 2007 | Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors. |
| CVE-2007-1944 | | | 0.00 | — | 0.02 | | Apr 11, 2007 | The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability. |
| CVE-2007-1941 | | | 0.00 | — | 0.01 | | Apr 11, 2007 | Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different… |
| CVE-2007-1940 | | | 0.00 | — | 0.00 | | Apr 11, 2007 | IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log. |
| CVE-2007-1798 | | | 0.00 | — | 0.00 | | Apr 2, 2007 | Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. |
| CVE-2007-1784 | | | 0.00 | — | 0.03 | | Mar 31, 2007 | The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function. |
| CVE-2006-4843 | | | 0.00 | — | 0.01 | | Mar 29, 2007 | Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. |
| CVE-2007-1739 | | | 0.00 | — | 0.03 | | Mar 28, 2007 | Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory… |
| CVE-2007-1608 | | | 0.00 | — | 0.02 | | Mar 22, 2007 | CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. |
| CVE-2006-7165 | | | 0.00 | — | 0.01 | | Mar 20, 2007 | IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs." |
| CVE-2006-7164 | | | 0.00 | — | 0.01 | | Mar 20, 2007 | SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. |
| CVE-2006-7166 | | | 0.00 | — | 0.01 | | Mar 20, 2007 | IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows remote attackers to obtain JSP source code and other sensitive information via "a specific JSP URL." |
| CVE-2007-1468 | | | 0.00 | — | 0.01 | | Mar 16, 2007 | Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry. |
| CVE-2007-1228 | | | 0.00 | — | 0.00 | | Mar 2, 2007 | IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. |
| CVE-2007-1089 | | | 0.00 | — | 0.00 | | Feb 23, 2007 | IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. |
| CVE-2007-1088 | | | 0.00 | — | 0.01 | | Feb 23, 2007 | Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. |
| CVE-2007-1086 | | | 0.00 | — | 0.00 | | Feb 23, 2007 | Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." |
| CVE-2007-1087 | | | 0.00 | — | 0.01 | | Feb 23, 2007 | IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. |
| CVE-2007-1027 | | | 0.00 | — | 0.00 | | Feb 21, 2007 | Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. |
| CVE-2007-0978 | | | 0.00 | — | 0.00 | | Feb 16, 2007 | Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data. |
| CVE-2007-0670 | | | 0.00 | — | 0.00 | | Feb 3, 2007 | Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin. |
| CVE-2007-0618 | | | 0.00 | — | 0.02 | | Jan 31, 2007 | Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) imapds in IBM AIX 5.3.0 has unspecified impact and attack vectors, involving an "authentication vulnerability." |
| CVE-2007-0442 | | | 0.00 | — | 0.01 | | Jan 23, 2007 | Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. |
| CVE-2007-0392 | | | 0.00 | — | 0.00 | | Jan 19, 2007 | IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. |
| CVE-2006-6914 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. |
| CVE-2006-6915 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. |
| CVE-2006-6836 | | | 0.00 | — | 0.01 | | Dec 31, 2006 | Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing. |
| CVE-2006-6638 | | | 0.00 | — | 0.02 | | Dec 19, 2006 | IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. |
| CVE-2006-6636 | | | 0.00 | — | 0.03 | | Dec 19, 2006 | Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. |
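The columns above are enough to build a triage order, but only if the dash in the CVSS column is read as "unscored" rather than as 0: every row on this page shows Risk 0.00 and no CVSS score, yet several describe local root or remote code execution. The parser and ranking function below are an added example for this page, not code from the listing's publisher. It reads the table by header name (so the column order can change), treats an empty KEV cell as "not listed", sorts by KEV and then EPSS, and falls back to a severity proxy derived from the description wording when no CVSS score exists. The proxy weights in IMPACT_RANK are an assumed heuristic, not a CVSS substitute, and the three sample rows are copied from the table above.

```python
"""Parse rows in the layout of the IBM listing above and rank them for triage.

Added example for this page, not the listing publisher's code. SAMPLE_TABLE is a
constructed sample holding three rows copied from the table; IMPACT_RANK is an
assumed heuristic used only for entries that carry no CVSS score.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_TABLE = """\
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-4237 | | | 0.00 | — | 0.00 | | Aug 8, 2007 | Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. |
| CVE-2007-3831 | | | 0.00 | — | 0.05 | | Jul 17, 2007 | PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2007-3232 | | | 0.00 | — | 0.03 | | Jun 15, 2007 | The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard… |
"""


@dataclass
class Entry:
    cve: str
    risk: float
    cvss: Optional[float]   # None when the page shows a dash: no score published
    epss: float
    kev: bool
    published: str
    description: str


def _num(cell: str) -> Optional[float]:
    """A numeric cell, or None for blank / dash placeholders."""
    cell = cell.strip()
    return None if cell in ("", "—", "-", "–") else float(cell)


def parse_table(text: str) -> list[Entry]:
    """Read a pipe-delimited table by header name, skipping separator and junk rows."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip().startswith("|")]
    header = [c.strip() for c in lines[0].strip("|").split("|")]
    col = {name: i for i, name in enumerate(header)}
    entries: list[Entry] = []
    for line in lines[1:]:
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != len(header) or not re.fullmatch(r"CVE-\d{4}-\d{4,}", cells[col["CVE"]]):
            continue                                  # |---| separator or malformed row
        entries.append(Entry(
            cve=cells[col["CVE"]],
            risk=_num(cells[col["Risk"]]) or 0.0,
            cvss=_num(cells[col["CVSS"]]),            # stays None for a dash
            epss=_num(cells[col["EPSS"]]) or 0.0,
            kev=cells[col["KEV"]] != "",              # any marker in the KEV cell = listed
            published=cells[col["Published"]],
            description=cells[col["Description"]],
        ))
    return entries


# Severity proxy for unscored entries, keyed on NVD description wording.
# Assumed heuristic, highest impact first; not a substitute for a real CVSS score.
IMPACT_RANK = [
    ("code-exec",     re.compile(r"execute arbitrary|gain root privileges", re.I)),
    ("default-creds", re.compile(r"blank password|default password", re.I)),
    ("privesc",       re.compile(r"gain privileges", re.I)),
    ("info-leak",     re.compile(r"obtain sensitive information|source code", re.I)),
    ("xss",           re.compile(r"cross-site scripting", re.I)),
    ("dos",           re.compile(r"denial of service", re.I)),
]


def impact_label(description: str) -> str:
    for label, pattern in IMPACT_RANK:
        if pattern.search(description):
            return label
    return "unknown"


def severity_proxy(e: Entry) -> float:
    """Published CVSS when there is one; otherwise a 0-10 stand-in, so that a
    dash is never silently treated as 0.0 (which is what sorting on Risk does here)."""
    if e.cvss is not None:
        return e.cvss
    labels = [label for label, _ in IMPACT_RANK]
    label = impact_label(e.description)
    base = 9.0 - 1.5 * labels.index(label) if label in labels else 5.0
    remote = re.search(r"\bremote\b", e.description, re.I) is not None
    return min(10.0, round(base + (1.0 if remote else 0.0), 1))


def triage_key(e: Entry) -> tuple:
    """Descending sort key: KEV listing, then EPSS, then real-or-proxy severity."""
    return (e.kev, e.epss, severity_proxy(e))


def rank(entries: list[Entry]) -> list[Entry]:
    return sorted(entries, key=triage_key, reverse=True)


if __name__ == "__main__":
    for e in rank(parse_table(SAMPLE_TABLE)):
        cvss = "n/a" if e.cvss is None else f"{e.cvss:.1f}"
        print(f"{e.cve}  kev={e.kev}  epss={e.epss:.2f}  cvss={cvss}  "
              f"proxy={severity_proxy(e):.1f}  {impact_label(e.description)}")
```

Run as a script it prints the three rows in triage order. The point to take from it is that sorting on the page's Risk column leaves every row tied at 0.00, while EPSS and the description wording still separate a remote PHP file inclusion in an IPS appliance from a local buffer overflow; anything the proxy scores from wording alone should still get a human look before it is closed as low risk.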
Page 159 of 166