IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-12-28
Updated
2011-03-08
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.
Max CVSS
8.8
EPSS Score
7.99%
Published
2007-12-28
Updated
2018-10-15
Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) Toolkit 8.3 before fix pack 7 for z/OS has unknown impact and attack vectors, related to "scripting."
Max CVSS
10.0
EPSS Score
0.77%
Published
2007-12-27
Updated
2017-08-08
IBM Tivoli Provisioning Manager Express provides unspecified information in error messages when (1) attempted duplication of a username occurs when creating an account or (2) when trying to login using a valid username, which makes it easier for remote attackers to enumerate usernames.
Max CVSS
5.0
EPSS Score
0.33%
Published
2007-12-17
Updated
2018-10-15
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing."
Max CVSS
4.3
EPSS Score
0.19%
Published
2007-12-17
Updated
2018-10-15
IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when using Active Directory (AD) LDAP authentication, allows remote attackers to obtain login access via unspecified vectors without entering a password.
Max CVSS
2.1
EPSS Score
0.09%
Published
2007-12-15
Updated
2008-11-15
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
Max CVSS
4.6
EPSS Score
0.05%
Published
2007-12-10
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
Max CVSS
4.3
EPSS Score
0.23%
Published
2007-12-10
Updated
2017-08-08
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands."
Max CVSS
4.9
EPSS Score
0.05%
Published
2007-12-10
Updated
2017-08-08
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 6 R1.3 allow attackers to gain privileges via "some HMC commands."
Max CVSS
10.0
EPSS Score
0.62%
Published
2007-12-10
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2007-12-04
Updated
2011-03-08
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
Max CVSS
9.3
EPSS Score
0.30%
Published
2007-11-20
Updated
2011-03-08
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
Max CVSS
7.8
EPSS Score
0.42%
Published
2007-11-20
Updated
2011-03-08
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
Max CVSS
10.0
EPSS Score
0.31%
Published
2007-11-20
Updated
2012-10-31
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
Max CVSS
7.2
EPSS Score
0.05%
Published
2007-11-20
Updated
2011-03-08
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
Max CVSS
7.2
EPSS Score
0.05%
Published
2007-11-20
Updated
2011-03-08
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
Max CVSS
10.0
EPSS Score
0.50%
Published
2007-11-20
Updated
2011-03-08
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
Max CVSS
10.0
EPSS Score
0.27%
Published
2007-11-20
Updated
2011-03-08
Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-11-20
Updated
2011-03-08
Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.62%
Published
2007-11-20
Updated
2011-03-08
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
Max CVSS
10.0
EPSS Score
0.42%
Published
2007-11-20
Updated
2018-10-15
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
Max CVSS
4.9
EPSS Score
0.05%
Published
2007-11-14
Updated
2017-07-29
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-11-14
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
Max CVSS
3.5
EPSS Score
0.10%
Published
2007-11-14
Updated
2017-07-29
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
Max CVSS
4.3
EPSS Score
0.36%
Published
2007-11-14
Updated
2011-03-08
133 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!