VYPR

Vendor CVEs

IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2005-4068Dec 8, 2005
    risk 0.00cvss epss 0.00

    Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.

  • CVE-2005-3760Nov 22, 2005
    risk 0.00cvss epss 0.01

    Double free vulnerability in the BBOORB module in IBM WebSphere Application Server for z/OS 5.0 allows attackers to cause a denial of service (ABEND).

  • CVE-2005-3749Nov 22, 2005
    risk 0.00cvss epss 0.00

    Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.

  • CVE-2005-3642Nov 16, 2005
    risk 0.00cvss epss 0.01

    IBM Informix Dynamic Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account by supplying an invalid username.

  • CVE-2005-3643Nov 16, 2005
    risk 0.00cvss epss 0.01

    IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.

  • CVE-2005-3569Nov 16, 2005
    risk 0.00cvss epss 0.01

    INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files.

  • CVE-2005-3567Nov 16, 2005
    risk 0.00cvss epss 0.01

    slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 binds using SASL EXTERNAL, which allows attackers to bypass authentication and modify and delete directory data via unknown attack vectors.

  • CVE-2005-3568Nov 16, 2005
    risk 0.00cvss epss 0.00

    db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."

  • CVE-2005-3504Nov 5, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code.

  • CVE-2005-3396Nov 1, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.

  • CVE-2005-3289Oct 23, 2005
    risk 0.00cvss epss 0.00

    LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file.

  • CVE-2005-3060Sep 30, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.

  • CVE-2005-3015Sep 21, 2005
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters.

  • CVE-2005-2994Sep 20, 2005
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).

  • CVE-2005-2696Aug 26, 2005
    risk 0.00cvss epss 0.02

    IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and…

  • CVE-2005-2234Jul 12, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

  • CVE-2005-2235Jul 12, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.

  • CVE-2005-2233Jul 12, 2005
    risk 0.00cvss epss 0.00

    Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.

  • CVE-2005-2237Jul 12, 2005
    risk 0.00cvss epss 0.00

    Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.

  • CVE-2005-2238Jul 12, 2005
    risk 0.00cvss epss 0.01

    ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports.

  • CVE-2005-2170Jul 11, 2005
    risk 0.00cvss epss 0.02

    The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data.

  • CVE-2005-2091Jul 5, 2005
    risk 0.00cvss epss 0.02

    IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to…

  • CVE-2005-2073Jun 29, 2005
    risk 0.00cvss epss 0.00

    Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.

  • CVE-2005-1872Jun 3, 2005
    risk 0.00cvss epss 0.03

    Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code.

  • CVE-2005-1441May 3, 2005
    risk 0.00cvss epss 0.02

    Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).

  • CVE-2005-1405May 3, 2005
    risk 0.00cvss epss 0.00

    HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.

  • CVE-2005-1442May 3, 2005
    risk 0.00cvss epss 0.00

    Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.

  • CVE-2005-1133May 2, 2005
    risk 0.00cvss epss 0.02

    The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.

  • CVE-2005-1182May 2, 2005
    risk 0.00cvss epss 0.01

    Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs.

  • CVE-2005-0991May 2, 2005
    risk 0.00cvss epss 0.00

    RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.

  • CVE-2005-0425May 2, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the…

  • CVE-2005-0868May 2, 2005
    risk 0.00cvss epss 0.02

    AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by…

  • CVE-2005-1176May 2, 2005
    risk 0.00cvss epss 0.00

    Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.

  • CVE-2005-0250May 2, 2005
    risk 0.00cvss epss 0.01

    Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.

  • CVE-2005-1238May 2, 2005
    risk 0.00cvss epss 0.02

    By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.

  • CVE-2005-1101May 2, 2005
    risk 0.00cvss epss 0.03

    Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields.

  • CVE-2005-1037May 2, 2005
    risk 0.00cvss epss 0.02

    Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.

  • CVE-2005-0899May 2, 2005
    risk 0.00cvss epss 0.00

    AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.

  • CVE-2005-0539May 2, 2005
    risk 0.00cvss epss 0.00

    Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard.

  • CVE-2005-0240May 2, 2005
    risk 0.00cvss epss 0.00

    Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.

  • CVE-2005-1025May 2, 2005
    risk 0.00cvss epss 0.02

    The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.

  • CVE-2005-0417Apr 27, 2005
    risk 0.00cvss epss 0.02

    Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as…

  • CVE-2005-0261Feb 10, 2005
    risk 0.00cvss epss 0.00

    lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.

  • CVE-2004-1028Jan 10, 2005
    risk 0.00cvss epss 0.00

    Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

  • CVE-2004-2388Dec 31, 2004
    risk 0.00cvss epss 0.02

    rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.

  • CVE-2004-2369Dec 31, 2004
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.

  • CVE-2004-2489Dec 31, 2004
    risk 0.00cvss epss 0.00

    Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.

  • CVE-2004-2478Dec 31, 2004
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot)…

  • CVE-2004-2490Dec 31, 2004
    risk 0.00cvss epss 0.00

    Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.

  • CVE-2004-2319Dec 31, 2004
    risk 0.00cvss epss 0.00

    IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.

Page 162 of 166