Filtered by vendor Ibm
Subscriptions
Total
7996 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2089 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. | ||||
| CVE-2009-2090 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors. | ||||
| CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | N/A |
| SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-2094 | 1 Ibm | 1 Websphere Commerce | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors. | ||||
| CVE-2009-0172 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | ||||
| CVE-2009-2212 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | N/A |
| The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors. | ||||
| CVE-2009-0906 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Service Component Architecture (SCA) feature pack for IBM WebSphere Application Server (WAS) SCA 1.0 before 1.0.0.3 allows remote authenticated users to bypass intended authentication.transport access restrictions and obtain unspecified access via unknown vectors. | ||||
| CVE-2009-0904 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests. | ||||
| CVE-2007-4796 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2007-1088 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | ||||
| CVE-2009-2749 | 1 Ibm | 2 Communications Enabled Applications, Websphere Application Server | 2025-04-09 | N/A |
| Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value. | ||||
| CVE-2007-4795 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name. | ||||
| CVE-2007-3232 | 1 Ibm | 1 Totalstorage Ds400 | 2025-04-09 | N/A |
| The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via certain Linux daemons, including a telnet daemon on a nonstandard port, tcp/6000. | ||||
| CVE-2009-2956 | 1 Ibm | 1 Websphere Commerce Suite | 2025-04-09 | N/A |
| The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere Commerce Suite store sensitive information under the web root with insufficient access control, which allows remote attackers to discover passwords, and database and filesystem details, via direct requests for configuration files. | ||||
| CVE-2007-1087 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | ||||
| CVE-2009-0903 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. | ||||
| CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2025-04-09 | N/A |
| IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | ||||
| CVE-2007-3262 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier allows remote attackers to cause a denial of service related to a thread hang, and possibly related to a "TCP issue," or to MPAlarmThread and a resultant memory leak. | ||||
| CVE-2009-3090 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on Linux allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-0178 | 1 Ibm | 1 Hardware Management Console | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors. | ||||