| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard. |
| IBM UniVerse with UV/ODBC allows attackers to cause a denial of service (client crash or server CPU consumption) via a query with an invalid link between tables, possibly via a buffer overflow. |
| IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. |
| pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
| Denial of service in BIND named via malformed SIG records. |
| Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine. |
| Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. |
| webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request. |
| ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable to include the user's own CLASSPATH directories before the system's directories, which allows a malicious local user to execute arbitrary code as root via a Trojan horse Ikeyman class. |
| Buffer overflow in AIX lquerylv program gives root access to local users. |
| Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. |
| Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. |
| IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set. |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. |
| netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on IBM AIX exports /tmp over NFS as world-readable and world-writable. |
| IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. |
| Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. |
| AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled. |
| IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. |
| ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. |
