IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2002-1689 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in the login program on AIX before 4.0 could allow remote users to specify 100 or more environment variables when logging on, which exceeds the length of a certain string, possibly triggering a buffer overflow.

  • CVE-2002-2372 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow.

  • CVE-2002-1687 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable.

  • CVE-2002-1822 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error message when a request is made for a non-existent Java Server Page (JSP).

  • CVE-2002-1624 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP Authenticate header containing certain non-ASCII characters.

  • CVE-2002-1622 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attackers to execute arbitrary code, related to a "variable data type."

  • CVE-2002-1201 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    IBM AIX 4.3.3 and AIX 5 allow remote attackers to cause a denial of service (CPU consumption or crash) via a flood of malformed TCP packets without any flags set, which prevents AIX from releasing the associated memory buffers.

  • CVE-2002-1203 · Oct 28, 2002
    risk 0.00 · cvss · epss 0.02

    IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set.

  • CVE-2002-1153 · Oct 11, 2002
    risk 0.00 · cvss · epss 0.03

    IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".

  • CVE-2002-1041 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in DCE (1) SMIT panels and (2) configuration commands, possibly related to relative pathnames.

  • CVE-2002-1011 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.

  • CVE-2002-1040 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.01

    Unknown vulnerability in the WebSecure (DFSWeb) configuration utilities in AIX 4.x, possibly related to relative pathnames.

  • CVE-2002-1012 · Oct 4, 2002
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.

  • CVE-2002-0742 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in pioout on AIX 4.3.3.

  • CVE-2002-0743 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.

  • CVE-2002-0746 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.02

    Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.

  • CVE-2002-0745 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in uucp in AIX 4.3.3.

  • CVE-2002-0744 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.01

    namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.

  • CVE-2002-0790 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.00

    clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.

  • CVE-2002-1450 · Jul 31, 2002
    risk 0.00 · cvss · epss 0.01

    IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow.

  • CVE-2002-0541 · Jul 3, 2002
    risk 0.00 · cvss · epss 0.04

    Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Agents 3.1 through 5.1, and (2) the TSM Client Acceptor Service 4.2 and 5.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port…

  • CVE-2002-0555 · Jul 3, 2002
    risk 0.00 · cvss · epss 0.02

    IBM Informix Web DataBlade 4.12 unescapes user input even if an application has escaped it, which could allow remote attackers to execute SQL code in a web form even when the developer has attempted to escape it.

  • CVE-2002-0245 · May 29, 2002
    risk 0.00 · cvss · epss 0.03

    Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP…

  • CVE-2002-0037 · Apr 22, 2002
    risk 0.00 · cvss · epss 0.03

    Lotus Domino Servers 5.x, 4.6x, and 4.5x allow attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object.

  • CVE-2002-1620 · Apr 1, 2002
    risk 0.00 · cvss · epss 0.02

    Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PSSP) 3.1.1, 3.2, and 3.4 allows remote attackers to read arbitrary files from a file collection.

  • CVE-2002-0087 · Mar 15, 2002
    risk 0.00 · cvss · epss 0.00

    bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.

  • CVE-2002-0086 · Mar 15, 2002
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

  • CVE-2002-1619 · Mar 8, 2002
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attackers to cause a denial of service (crash and core dump).

  • CVE-2001-1079 · Feb 13, 2002
    risk 0.00 · cvss · epss 0.00

    create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.

  • CVE-2002-1594 · Jan 2, 2002
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.

  • CVE-2001-1567 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are…

  • CVE-2001-1557 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.

  • CVE-2001-1504 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.02

    Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.

  • CVE-2001-1529 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string. NOTE: due to lack of details in the vendor advisory, it is not clear if this is the same issue as CVE-2001-0779.

  • CVE-2001-1554 · Dec 31, 2001
    risk 0.00 · cvss · epss 0.01

    IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.

  • CVE-2001-1440 · Dec 21, 2001
    risk 0.00 · cvss · epss 0.05

    Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system.

  • CVE-2001-1189 · Dec 13, 2001
    risk 0.00 · cvss · epss 0.00

    IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script.

  • CVE-2001-1191 · Dec 11, 2001
    risk 0.00 · cvss · epss 0.01

    WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e.

  • CVE-2001-0954 · Dec 7, 2001
    risk 0.00 · cvss · epss 0.02

    Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.

  • CVE-2001-0671 · Dec 6, 2001
    risk 0.00 · cvss · epss 0.05

    Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.

  • CVE-2001-0824 · Dec 6, 2001
    risk 0.00 · cvss · epss 0.02

    Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.

  • CVE-2001-1095 · Oct 9, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.

  • CVE-2001-1096 · Oct 9, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflows in muxatmd in AIX 4 allow an attacker to cause a core dump and possibly execute code.

  • CVE-2001-0998 · Sep 24, 2001
    risk 0.00 · cvss · epss 0.03

    IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.

  • CVE-2000-1215 · Sep 19, 2001
    risk 0.00 · cvss · epss 0.02

    The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information.

  • CVE-2001-0962 · Sep 19, 2001
    risk 0.00 · cvss · epss 0.02

    IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

  • CVE-2001-1061 · Aug 31, 2001
    risk 0.00 · cvss · epss 0.02

    Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.

  • CVE-2000-1202 · Aug 31, 2001
    risk 0.00 · cvss · epss 0.01

    ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class.

  • CVE-2001-0533 · Aug 14, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.

  • CVE-2001-0573 · Aug 2, 2001
    risk 0.00 · cvss · epss 0.00

    lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.