Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2006-02-15 | Updated: 2017-07-20
IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2007-04-11 | Updated: 2017-07-29
The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not verify privileges when processing a SET call, which allows local users to cause a denial of service (system hang or crash) via unspecified SET operations.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2007-09-10 | Updated: 2011-03-08
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
Max CVSS: 4.9 | EPSS Score: 0.05% | Published: 2007-11-14 | Updated: 2017-07-29
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 3 R3.7 allow attackers to gain privileges via "some HMC commands."
Max CVSS: 4.9 | EPSS Score: 0.05% | Published: 2007-12-10 | Updated: 2017-08-08
The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows local users to obtain sensitive information via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2008-02-05 | Updated: 2017-08-08
The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing JFS2 filesystems on concurrent volume groups spread across multiple nodes, which allows local users of one node to cause a denial of service (remote node crash) by using chfs or lreducelv to reduce a filesystem's size.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2008-03-31 | Updated: 2017-09-29
The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not properly enforce directory permissions when a file executing from a directory has weaker permissions than the directory itself, which allows local users to obtain sensitive information.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2008-03-31 | Updated: 2017-09-29
The WPAR system call implementation in the kernel in IBM AIX 6.1 allows local users to cause a denial of service via unknown calls that trigger "undefined behavior."
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2008-03-31 | Updated: 2017-09-29
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2009-02-11 | Updated: 2017-09-29
The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a timer is unused before deallocating this timer, which might allow attackers to cause a denial of service (system crash) via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.14% | Published: 2011-01-25 | Updated: 2017-08-17
IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2011-11-11 | Updated: 2017-08-17
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
Max CVSS: 4.9 | EPSS Score: 0.36% | Published: 2011-05-03 | Updated: 2017-09-19
The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly implement the dupmsg system call, which allows local users to cause a denial of service (system crash) via a crafted application.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2012-07-30 | Updated: 2021-08-31
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2012-06-20 | Updated: 2021-08-31
Cross-site request forgery (CSRF) vulnerability in the Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote authenticated users to hijack the authentication of arbitrary users.
Max CVSS: 4.9 | EPSS Score: 0.09% | Published: 2013-10-10 | Updated: 2017-08-29
Buffer overflow in the Launcher in IBM WebSphere Transformation Extender 8.4.x before 8.4.0.4 allows local users to cause a denial of service (process crash or Admin Console command-stream outage) via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.04% | Published: 2014-02-06 | Updated: 2017-08-29
Open redirect vulnerability in IBM Rational Requirements Composer before 4.0.4 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
Max CVSS: 4.9 | EPSS Score: 0.07% | Published: 2013-09-12 | Updated: 2017-08-29
IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct phishing attacks via a crafted web site.
Max CVSS: 4.9 | EPSS Score: 0.17% | Published: 2013-08-06 | Updated: 2017-08-29
Open redirect vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.10% | Published: 2014-03-26 | Updated: 2017-08-29
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.15% | Published: 2013-12-22 | Updated: 2017-08-29
The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to conduct phishing attacks via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.11% | Published: 2013-10-16 | Updated: 2017-08-29
IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not properly restrict use of FRAME elements, which allows remote authenticated users to bypass intended access restrictions or obtain sensitive information via a crafted web site, related to a "frame injection" issue.
Max CVSS: 4.9 | EPSS Score: 0.09% | Published: 2013-12-21 | Updated: 2017-08-29
Session fixation vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 IF5 and 11.0 before IF1 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1 IF11 allows remote authenticated users to hijack web sessions via unspecified vectors.
Max CVSS: 4.9 | EPSS Score: 0.14% | Published: 2013-12-19 | Updated: 2017-08-29
IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command.
Max CVSS: 4.9 | EPSS Score: 0.14% | Published: 2013-12-07 | Updated: 2017-08-29
1249 vulnerabilities found