| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application. |
| Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email. |
| The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow remote attackers to obtain sensitive information. |
| Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value. |
| cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804. |
| Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command. |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting. |
| Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5. |
| Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2, when using "server-initiated prompted scheduling," allows remote attackers to read a client's data, aka IC53616. |
| Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. |
| The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. |
| Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information. |
| The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to verify the existence of users and groups on systems and domains via unspecified vectors, a different vulnerability than CVE-2006-6010. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. |
| Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. |
| The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. |
| rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument. |
| Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. |
| IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. |
