IBM

All CVEs

8,287 total · sorted by risk
  • CVE-2001-0604 · Aug 2, 2001
    risk 0.00 · cvss · epss 0.01

    Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters.

  • CVE-2001-0982 · Jul 23, 2001
    risk 0.00 · cvss · epss 0.02

    Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.

  • CVE-2000-0891 · Jul 21, 2001
    risk 0.00 · cvss · epss 0.03

    A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.

  • CVE-2001-1265 · Jul 20, 2001
    risk 0.00 · cvss · epss 0.04

    Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.

  • CVE-2001-1312 · Jul 16, 2001
    risk 0.00 · cvss · epss 0.04

    Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

  • CVE-2001-1309 · Jul 16, 2001
    risk 0.00 · cvss · epss 0.05

    Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

  • CVE-2001-1313 · Jul 16, 2001
    risk 0.00 · cvss · epss 0.04

    Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite.

  • CVE-2001-1310 · Jul 16, 2001
    risk 0.00 · cvss · epss 0.04

    IBM SecureWay 3.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.

  • CVE-2001-1143 · Jul 11, 2001
    risk 0.00 · cvss · epss 0.02

    IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

  • CVE-2001-1441 · Jul 2, 2001
    risk 0.00 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message.

  • CVE-2001-0389 · Jul 2, 2001
    risk 0.00 · cvss · epss 0.01

    IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument.

  • CVE-2001-0472 · Jun 27, 2001
    risk 0.00 · cvss · epss 0.01

    Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request.

  • CVE-2001-0487 · Jun 27, 2001
    risk 0.00 · cvss · epss 0.02

    AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection.

  • CVE-2001-0446 · Jun 18, 2001
    risk 0.00 · cvss · epss 0.01

    IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.

  • CVE-2001-1330 · Jun 11, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.

  • CVE-2001-1329 · Jun 11, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument.

  • CVE-2001-0312 · Jun 2, 2001
    risk 0.00 · cvss · epss 0.02

    IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.

  • CVE-1999-0729 · Mar 12, 2001
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

  • CVE-2000-1123 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

  • CVE-2000-1138 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.01

    Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.

  • CVE-2000-1117 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.03

    The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.

  • CVE-2000-1122 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

  • CVE-2000-1168 · Jan 9, 2001
    risk 0.00 · cvss · epss 0.02

    IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

  • CVE-2000-1239 · Dec 31, 2000
    risk 0.00 · cvss · epss 0.02

    The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified…

  • CVE-2000-1038 · Dec 11, 2000
    risk 0.00 · cvss · epss 0.02

    The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.

  • CVE-2000-1222 · Dec 10, 2000
    risk 0.00 · cvss · epss 0.00

    AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.

  • CVE-2000-0677 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.

  • CVE-2000-0761 · Oct 20, 2000
    risk 0.00 · cvss · epss 0.02

    OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.

  • CVE-2000-0466 · Jun 20, 2000
    risk 0.00 · cvss · epss 0.00

    AIX cdmount allows local users to gain root privileges via shell metacharacters.

  • CVE-2000-0441 · May 24, 2000
    risk 0.00 · cvss · epss 0.01

    Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.

  • CVE-2000-0249 · Apr 26, 2000
    risk 0.00 · cvss · epss 0.00

    The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

  • CVE-2000-1216 · Jan 27, 2000
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine.

  • CVE-2000-0080 · Jan 10, 2000
    risk 0.00 · cvss · epss 0.00

    AIX techlibss allows local users to overwrite files via a symlink attack.

  • CVE-1999-1589 · Dec 31, 1999
    risk 0.00 · cvss · epss 0.00

    Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors.

  • CVE-1999-0852 · Dec 2, 1999
    risk 0.00 · cvss · epss 0.00

    IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.

  • CVE-1999-0851 · Nov 10, 1999
    risk 0.00 · cvss · epss 0.00

    Denial of service in BIND named via naptr.

  • CVE-1999-0835 · Nov 10, 1999
    risk 0.00 · cvss · epss 0.01

    Denial of service in BIND named via malformed SIG records.

  • CVE-1999-0903 · Oct 26, 1999
    risk 0.00 · cvss · epss 0.01

    genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

  • CVE-1999-1583 · Sep 30, 1999
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument.

  • CVE-1999-1013 · Sep 23, 1999
    risk 0.00 · cvss · epss 0.00

    named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file.

  • CVE-1999-0687 · Sep 13, 1999
    risk 0.00 · cvss · epss 0.02

    The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

  • CVE-1999-0694 · Aug 11, 1999
    risk 0.00 · cvss · epss 0.00

    Denial of service in AIX ptrace system call allows local users to crash the system.

  • CVE-1999-1079 · May 6, 1999
    risk 0.00 · cvss · epss 0.00

    Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.

  • CVE-1999-0429 · Mar 1, 1999
    risk 0.00 · cvss · epss 0.01

    The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

  • CVE-1999-1546 · Jan 29, 1999
    risk 0.00 · cvss · epss 0.01

    netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable.

  • CVE-1999-0088 · Oct 26, 1998
    risk 0.00 · cvss · epss 0.04

    IRIX and AIX automountd services (autofsd) allow remote users to execute root commands.

  • CVE-1999-1404 · Oct 2, 1998
    risk 0.00 · cvss · epss 0.01

    IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.

  • CVE-1999-1403 · Oct 2, 1998
    risk 0.00 · cvss · epss 0.00

    IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.

  • CVE-1999-1574 · Jul 6, 1998
    risk 0.00 · cvss · epss 0.03

    Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings."

  • CVE-1999-1480 · Jun 11, 1998
    risk 0.00 · cvss · epss 0.00

    (1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack.
