| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. |
| The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. |
| Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. |
| The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. |
| IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form. |
| Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges. |
| Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. |
| Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files. |
| IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. |
| Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. |
| Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. |
| cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. |
| IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP). |
| Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. |
| The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. |
| Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and 5.1 allows remote attackers to execute arbitrary code. |
| IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail. |
| Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. |
| Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields. |
