| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files. |
| Buffer overflow in lsmcode in AIX 4.3.3. |
| Buffer overflow in AIX libDtSvc library can allow local users to gain root access. |
| Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. |
| dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program. |
| IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges. |
| The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request. |
| document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program. |
| Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. |
| Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. |
| IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash. |
| IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing. |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument. |
| Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. |
| Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local users to append to arbitrary files. |
| Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument. |
| genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767. |
| IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. |
