Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Ibm Subscribe
Total 6536 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-0131 8 Bsdi, Digital, Eric Allman and 5 more 9 Bsd Os, Osf 1, Sendmail and 6 more 2008-09-09 7.2 HIGH N/A
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVE-1999-0087 1 Ibm 1 Aix 2008-09-09 5.0 MEDIUM N/A
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
CVE-1999-0014 3 Cde, Hp, Ibm 4 Cde, Hp-ux, Vvos and 1 more 2008-09-09 7.2 HIGH N/A
Unauthorized privileged access or denial of service via dtappgather program in CDE.
CVE-1999-0101 1 Ibm 1 Aix 2008-09-09 10.0 HIGH N/A
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
CVE-1999-0048 3 Debian, Ibm, Nec 5 Netkit, Aix, Asl Ux 4800 and 2 more 2008-09-09 10.0 HIGH N/A
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
CVE-1999-0113 1 Ibm 1 Aix 2008-09-09 10.0 HIGH N/A
Some implementations of rlogin allow root access if given a -froot parameter.
CVE-1999-0115 1 Ibm 1 Aix 2008-09-09 7.2 HIGH N/A
AIX bugfiler program allows local users to gain root access.
CVE-1999-0116 1 Ibm 2 Aix, Sng 2008-09-09 5.0 MEDIUM N/A
Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
CVE-2007-5559 1 Ibm 1 Thinkvantage Tpm 2008-09-05 10.0 HIGH N/A
Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-5757 1 Ibm 1 Db2 Universal Database 2008-09-05 6.9 MEDIUM N/A
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.
CVE-2007-4309 1 Ibm 1 Lotus Notes 2008-09-05 3.5 LOW N/A
IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.
CVE-2007-3676 1 Ibm 1 Db2 2008-09-05 10.0 HIGH N/A
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
CVE-2007-1941 1 Ibm 1 Lotus Notes 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.
CVE-2006-7164 3 Ibm, Linux, Unix 3 Websphere Application Server, Linux Kernel, Unix 2008-09-05 4.3 MEDIUM N/A
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
CVE-2006-6638 1 Ibm 1 Db2 Universal Database 2008-09-05 5.0 MEDIUM N/A
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.
CVE-2006-6836 1 Ibm 1 Os 400 2008-09-05 10.0 HIGH N/A
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
CVE-2006-3778 1 Ibm 1 Lotus Notes 2008-09-05 5.0 MEDIUM N/A
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
CVE-2006-1948 1 Ibm 1 Lotus Notes 2008-09-05 4.0 MEDIUM N/A
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.
CVE-2005-4735 1 Ibm 1 Db2 Universal Database 2008-09-05 6.8 MEDIUM N/A
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
CVE-2005-4736 1 Ibm 1 Db2 Universal Database 2008-09-05 6.8 MEDIUM N/A
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.