Vendor CVEs
IBM
All CVEs
8,287 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0604 | | | 0.00 | — | 0.01 | | Aug 2, 2001 | Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via URL requests (>8Kb) containing a large number of '/' characters. |
| CVE-2001-0982 | | | 0.00 | — | 0.02 | | Jul 23, 2001 | Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings. |
| CVE-2000-0891 | | | 0.00 | — | 0.03 | | Jul 21, 2001 | A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. |
| CVE-2001-1265 | | | 0.00 | — | 0.04 | | Jul 20, 2001 | Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack. |
| CVE-2001-1312 | | | 0.00 | — | 0.04 | | Jul 16, 2001 | Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-1309 | | | 0.00 | — | 0.05 | | Jul 16, 2001 | Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-1313 | | | 0.00 | — | 0.04 | | Jul 16, 2001 | Lotus Domino R5 before R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via miscellaneous packets with semi-valid BER encodings, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-1310 | | | 0.00 | — | 0.04 | | Jul 16, 2001 | IBM SecureWay 3.2.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite. |
| CVE-2001-1143 | | | 0.00 | — | 0.02 | | Jul 11, 2001 | IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. |
| CVE-2001-1441 | | | 0.00 | — | 0.03 | | Jul 2, 2001 | Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message. |
| CVE-2001-0389 | | | 0.00 | — | 0.01 | | Jul 2, 2001 | IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. |
| CVE-2001-0472 | | | 0.00 | — | 0.01 | | Jun 27, 2001 | Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) HTTP object allows remote attackers to cause a denial of service (crash) via an extremely long HTTP request. |
| CVE-2001-0487 | | | 0.00 | — | 0.02 | | Jun 27, 2001 | AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. |
| CVE-2001-0446 | | | 0.00 | — | 0.01 | | Jun 18, 2001 | IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL. |
| CVE-2001-1330 | | | 0.00 | — | 0.00 | | Jun 11, 2001 | Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. |
| CVE-2001-1329 | | | 0.00 | — | 0.00 | | Jun 11, 2001 | Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. |
| CVE-2001-0312 | | | 0.00 | — | 0.02 | | Jun 2, 2001 | IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing. |
| CVE-1999-0729 | | | 0.00 | — | 0.02 | | Mar 12, 2001 | Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. |
| CVE-2000-1123 | | | 0.00 | — | 0.00 | | Jan 9, 2001 | Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands. |
| CVE-2000-1138 | | | 0.00 | — | 0.01 | | Jan 9, 2001 | Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected. |
| CVE-2000-1117 | | | 0.00 | — | 0.03 | | Jan 9, 2001 | The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method. |
| CVE-2000-1122 | | | 0.00 | — | 0.00 | | Jan 9, 2001 | Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument. |
| CVE-2000-1168 | | | 0.00 | — | 0.02 | | Jan 9, 2001 | IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. |
| CVE-2000-1239 | | | 0.00 | — | 0.02 | | Dec 31, 2000 | The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file permissions on Tivoli Endpoint Configuration data files via an unspecified… |
| CVE-2000-1038 | | | 0.00 | — | 0.02 | | Dec 11, 2000 | The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. |
| CVE-2000-1222 | | | 0.00 | — | 0.00 | | Dec 10, 2000 | AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program. |
| CVE-2000-0677 | | | 0.00 | — | 0.03 | | Oct 20, 2000 | Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. |
| CVE-2000-0761 | | | 0.00 | — | 0.02 | | Oct 20, 2000 | OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username. |
| CVE-2000-0466 | | | 0.00 | — | 0.00 | | Jun 20, 2000 | AIX cdmount allows local users to gain root privileges via shell metacharacters. |
| CVE-2000-0441 | | | 0.00 | — | 0.01 | | May 24, 2000 | Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. |
| CVE-2000-0249 | | | 0.00 | — | 0.00 | | Apr 26, 2000 | The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program. |
| CVE-2000-1216 | | | 0.00 | — | 0.00 | | Jan 27, 2000 | Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine. |
| CVE-2000-0080 | | | 0.00 | — | 0.00 | | Jan 10, 2000 | AIX techlibss allows local users to overwrite files via a symlink attack. |
| CVE-1999-1589 | | | 0.00 | — | 0.00 | | Dec 31, 1999 | Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users to gain root privileges via unknown attack vectors. |
| CVE-1999-0852 | | | 0.00 | — | 0.00 | | Dec 2, 1999 | IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin. |
| CVE-1999-0851 | | | 0.00 | — | 0.00 | | Nov 10, 1999 | Denial of service in BIND named via naptr. |
| CVE-1999-0835 | | | 0.00 | — | 0.01 | | Nov 10, 1999 | Denial of service in BIND named via malformed SIG records. |
| CVE-1999-0903 | | | 0.00 | — | 0.01 | | Oct 26, 1999 | genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. |
| CVE-1999-1583 | | | 0.00 | — | 0.01 | | Sep 30, 1999 | Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument. |
| CVE-1999-1013 | | | 0.00 | — | 0.00 | | Sep 23, 1999 | named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group to overwrite system files to gain root access via the -f parameter and a malformed zone file. |
| CVE-1999-0687 | | | 0.00 | — | 0.02 | | Sep 13, 1999 | The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands. |
| CVE-1999-0694 | | | 0.00 | — | 0.00 | | Aug 11, 1999 | Denial of service in AIX ptrace system call allows local users to crash the system. |
| CVE-1999-1079 | | | 0.00 | — | 0.00 | | May 6, 1999 | Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program. |
| CVE-1999-0429 | | | 0.00 | — | 0.01 | | Mar 1, 1999 | The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference. |
| CVE-1999-1546 | | | 0.00 | — | 0.01 | | Jan 29, 1999 | netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable. |
| CVE-1999-0088 | | | 0.00 | — | 0.04 | | Oct 26, 1998 | IRIX and AIX automountd services (autofsd) allow remote users to execute root commands. |
| CVE-1999-1404 | | | 0.00 | — | 0.01 | | Oct 2, 1998 | IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly. |
| CVE-1999-1403 | | | 0.00 | — | 0.00 | | Oct 2, 1998 | IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. |
| CVE-1999-1574 | | | 0.00 | — | 0.03 | | Jul 6, 1998 | Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings." |
| CVE-1999-1480 | | | 0.00 | — | 0.00 | | Jun 11, 1998 | (1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack. |