Filtered by vendor Ibm
Subscribe
Total
7414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2316 | 1 Ibm | 1 Tivoli Identity Manager | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later reported that 4.6.0 is also affected by the first vector. | |||||
| CVE-2008-2709 | 1 Ibm | 1 Os 400 | 2025-04-09 | 4.7 MEDIUM | N/A |
| Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios. | |||||
| CVE-2008-1596 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to missing checks in the TSD_FILES_LOCK policy for modifications performed via hard links, a different vulnerability than CVE-2007-6680. | |||||
| CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-04-09 | 10.0 HIGH | N/A |
| The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | |||||
| CVE-2007-5022 | 1 Ibm | 1 Tivoli Storage Manager Client | 2025-04-09 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616. | |||||
| CVE-2009-3852 | 1 Ibm | 1 Runtimes For Java Technology | 2025-04-09 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the XML component in IBM Runtimes for Java Technology 5.0.0 before SR10 has unknown impact and attack vectors, related to the "updated version of XML4J 4.4.17." | |||||
| CVE-2009-1900 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool. | |||||
| CVE-2009-0896 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 10.0 HIGH | N/A |
| Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2006-5835 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. | |||||
| CVE-2009-1239 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
| IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | |||||
| CVE-2007-3830 | 1 Ibm | 2 Proventia Network Ips Gx5008, Proventia Network Ips Gx5108 | 2025-04-09 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to inject arbitrary web script or HTML via the reminder parameter. | |||||
| CVE-2008-2154 | 1 Ibm | 1 Db2 | 2025-04-09 | 6.0 MEDIUM | N/A |
| IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | |||||
| CVE-2009-1290 | 1 Ibm | 2 Advanced Management Module, Bladecenter | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script. | |||||
| CVE-2008-0696 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.5 HIGH | N/A |
| IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | |||||
| CVE-2009-3161 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 7.8 HIGH | N/A |
| The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data. | |||||
| CVE-2008-0717 | 1 Ibm | 1 Websphere Edge Server | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response. | |||||
| CVE-2007-5700 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 6.3 MEDIUM | N/A |
| The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some circumstances, which might allow remote authenticated users to gain privileges and obtain sensitive information. | |||||
| CVE-2009-0370 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." | |||||
| CVE-2008-4801 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2025-04-09 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the Data Protection for SQL CAD service (aka dsmcat.exe) in the Client Acceptor Daemon (CAD) and the scheduler in the Backup-Archive client 5.1.0.0 through 5.1.8.1, 5.2.0.0 through 5.2.5.2, 5.3.0.0 through 5.3.6.1, 5.4.0.0 through 5.4.2.2, and 5.5.0.0 through 5.5.0.91 in IBM Tivoli Storage Manager (TSM); and the Backup-Archive client in TSM Express; allows remote attackers to execute arbitrary code by sending a large amount of crafted data to a TCP port. | |||||
| CVE-2009-0856 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample applications in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, and 6.1 before 6.1.0.23 on z/OS, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||