| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter. |
| Buffer overflow in the diagnostics library in AIX allows local users to "cause data and instructions to be overwritten" via a long DIAGNOSTICS environment variable. |
| IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. |
| IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters. |
| Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page. |
| Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. |
| Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code. |
| Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request. |
| Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument. |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| Buffer overflow in AIX rcp command allows local users to obtain root access. |
| Buffer overflow in AIX dtterm program for the CDE. |
| AIX passwd allows local users to gain root access. |
| The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). |
| The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. |
| Denial of service in BIND named via naptr. |
| The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. |
| IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files. |
| Local user gains root privileges via buffer overflow in rdist, via expstr() function. |
| A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email. |
