Filtered by vendor Ibm
Subscriptions
Total
8188 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3691 | 1 Ibm | 2 Informix Client Sdk, Informix Connect Runtime | 2025-04-09 | N/A |
| Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-0312 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2025-04-09 | N/A |
| The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.2 on Linux allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SecureWay 3.2 Event Registration Request (aka a 1.3.18.0.2.12.1 request). | ||||
| CVE-2004-2762 | 1 Ibm | 2 Mvs, Tivoli Storage Manager | 2025-04-09 | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the HTTP communication method is enabled, allows remote attackers to cause a denial of service (daemon crash or hang) via unspecified HTTP traffic, as demonstrated by the IBM port scanner 1.3.1. | ||||
| CVE-2009-4439 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. | ||||
| CVE-2009-4326 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | ||||
| CVE-2009-4325 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | ||||
| CVE-2009-3745 | 1 Ibm | 1 Rational Appscan | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2009-3453 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template. | ||||
| CVE-2009-3262 | 1 Ibm | 1 Tivoli Identity Manager | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile. | ||||
| CVE-2009-3089 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-09 | N/A |
| IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
| CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2009-2743 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 before 7.0.0.7, does not properly handle an exception occurring after use of wsadmin scripts and configuration of JAAS-J2C Authentication Data, which allows local users to obtain sensitive information by reading the First Failure Data Capture (FFDC) log file. | ||||
| CVE-2009-2742 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input. | ||||
| CVE-2009-2741 | 1 Ibm | 1 Websphere Business Events | 2025-04-09 | N/A |
| Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2009-2727 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15. | ||||
| CVE-2009-2669 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | ||||
| CVE-2009-2667 | 1 Ibm | 1 Tklm | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability." | ||||
| CVE-2009-2583 | 1 Ibm | 1 Tivoli Identity Manager | 2025-04-09 | N/A |
| Multiple session fixation vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0.0.6 allow remote attackers to hijack web sessions via unspecified vectors involving the (1) console and (2) self service interfaces. | ||||
| CVE-2009-2092 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not properly read the portletServingEnabled parameter in ibm-portlet-ext.xmi, which allows remote attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2009-2091 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||