Filtered by vendor Ibm
Subscriptions
Total
8199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2859 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | ||||
| CVE-2009-3106 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. | ||||
| CVE-2009-3105 | 1 Ibm | 1 Domino Web Access | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC. | ||||
| CVE-2009-3114 | 1 Ibm | 1 Lotus Notes | 2026-04-23 | N/A |
| The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K. | ||||
| CVE-2009-0172 | 1 Ibm | 1 Db2 Universal Database | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | ||||
| CVE-2009-3159 | 1 Ibm | 1 Websphere Mq | 2026-04-23 | N/A |
| Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2009-3161 | 1 Ibm | 1 Websphere Mq | 2026-04-23 | N/A |
| The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows attackers to cause a denial of service (trap) or possibly have unspecified other impact via malformed data. | ||||
| CVE-2009-2088 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when SPNEGO Single Sign-on (SSO) and disableSecurityPreInvokeOnFilters are configured, allows remote attackers to bypass authentication via a request for a "secure URL," related to a certain invokefilterscompatibility property. | ||||
| CVE-2009-2089 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. | ||||
| CVE-2009-2090 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Unspecified vulnerability in wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 allows remote attackers to bypass intended Java Management Extensions (JMX) Management Beans (aka MBeans) access restrictions, and cause a denial of service (daemon stop), via unknown vectors. | ||||
| CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | ||||
| CVE-2009-2094 | 1 Ibm | 1 Websphere Commerce | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise before 6.0.0.8, when trace is enabled, allows local users to obtain sensitive information via unknown vectors. | ||||
| CVE-2009-2212 | 1 Ibm | 1 Rational Clearquest | 2026-04-23 | N/A |
| The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows attackers to discover a (1) username or (2) password via unspecified vectors. | ||||
| CVE-2007-5764 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long command line option. | ||||
| CVE-2009-2434 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2007-5798 | 1 Ibm | 1 Websphere Application Server | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters. | ||||
| CVE-2009-2667 | 1 Ibm | 1 Tklm | 2026-04-23 | N/A |
| Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability." | ||||
| CVE-2009-2669 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. | ||||
| CVE-2009-2741 | 1 Ibm | 1 Websphere Business Events | 2026-04-23 | N/A |
| Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2007-5804 | 1 Ibm | 1 Aix | 2026-04-23 | N/A |
| cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument. | ||||