VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2006-6636 · Dec 19, 2006
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.

  • CVE-2006-6607 · Dec 18, 2006
    risk 0.00 · cvss · epss 0.00

    The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other…

  • CVE-2006-6537 · Dec 14, 2006
    risk 0.00 · cvss · epss 0.01

    IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html.

  • CVE-2006-6309 · Dec 6, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than…

  • CVE-2006-6135 · Nov 28, 2006
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).

  • CVE-2006-6136 · Nov 28, 2006
    risk 0.00 · cvss · epss 0.02

    IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.

  • CVE-2006-5818 · Nov 8, 2006
    risk 0.00 · cvss · epss 0.00

    Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.

  • CVE-2006-5663 · Nov 3, 2006
    risk 0.00 · cvss · epss 0.00

    IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.

  • CVE-2006-5664 · Nov 3, 2006
    risk 0.00 · cvss · epss 0.00

    The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.

  • CVE-2006-5324 · Oct 17, 2006
    risk 0.00 · cvss · epss 0.02

    The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374.

  • CVE-2006-5323 · Oct 17, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.

  • CVE-2006-5161 · Oct 5, 2006
    risk 0.00 · cvss · epss 0.01

    IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.

  • CVE-2006-5163 · Oct 5, 2006
    risk 0.00 · cvss · epss 0.00

    IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.

  • CVE-2006-5008 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.

  • CVE-2006-5002 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors.

  • CVE-2006-5003 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors.

  • CVE-2006-5004 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.

  • CVE-2006-5005 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.

  • CVE-2006-5006 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.

  • CVE-2006-5007 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via a Trojan horse program involving uux.

  • CVE-2006-5009 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow.

  • CVE-2006-5010 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.

  • CVE-2006-5011 · Sep 27, 2006
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".

  • CVE-2006-4763 · Sep 13, 2006
    risk 0.00 · cvss · epss 0.02

    IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.

  • CVE-2006-4682 · Sep 11, 2006
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.

  • CVE-2006-4683 · Sep 11, 2006
    risk 0.00 · cvss · epss 0.01

    IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.

  • CVE-2006-4522 · Sep 1, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.

  • CVE-2006-4416 · Aug 28, 2006
    risk 0.00 · cvss · epss 0.00

    Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.

  • CVE-2006-4257 · Aug 21, 2006
    risk 0.00 · cvss · epss 0.02

    IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending a crafted SQLJRA packet, which results in a…

  • CVE-2006-4223 · Aug 18, 2006
    risk 0.00 · cvss · epss 0.01

    IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), which occurs when ibm-web-ext.xmi sets fileServingEnabled to true or…

  • CVE-2006-4222 · Aug 18, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2)…

  • CVE-2006-3859 · Aug 17, 2006
    risk 0.00 · cvss · epss 0.01

    IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands.

  • CVE-2006-3854 · Aug 17, 2006
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes an overflow in vsprintf when displaying in the resulting error message.…

  • CVE-2006-3860 · Aug 17, 2006
    risk 0.00 · cvss · epss 0.03

    IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.

  • CVE-2006-4137 · Aug 14, 2006
    risk 0.00 · cvss · epss 0.01

    IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces.

  • CVE-2006-4136 · Aug 14, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others.

  • CVE-2006-3858 · Aug 8, 2006
    risk 0.00 · cvss · epss 0.01

    IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).

  • CVE-2006-3853 · Aug 8, 2006
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.

  • CVE-2006-3855 · Aug 8, 2006
    risk 0.00 · cvss · epss 0.02

    The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."

  • CVE-2006-3856 · Aug 8, 2006
    risk 0.00 · cvss · epss 0.00

    IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.

  • CVE-2006-3857 · Aug 8, 2006
    risk 0.00 · cvss · epss 0.04

    Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch,…

  • CVE-2006-3861 · Aug 8, 2006
    risk 0.00 · cvss · epss 0.01

    IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.

  • CVE-2006-3862 · Aug 8, 2006
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).

  • CVE-2006-3778 · Jul 24, 2006
    risk 0.00 · cvss · epss 0.01

    IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were…

  • CVE-2006-3569 · Jul 13, 2006
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, 7.1x, 7.1.0.1x, and 7.2RC1, RC2, and RC3, as used in IBM N series Filers and other products, allows unauthorized users to gain access to privileged commands via unknown vectors, probably related to incorrect…

  • CVE-2006-3231 · Jun 27, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.11, when fileServingEnabled is true, allows remote attackers to obtain JSP source code and other sensitive information via "URIs with special characters."

  • CVE-2006-3232 · Jun 27, 2006
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."

  • CVE-2006-3068 · Jun 19, 2006
    risk 0.00 · cvss · epss 0.02

    IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite."

  • CVE-2006-3066 · Jun 19, 2006
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.

  • CVE-2006-3067 · Jun 19, 2006
    risk 0.00 · cvss · epss 0.02

    Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2)…
