CVE-2023-28528

Public exploit
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
Max CVSS
8.4
EPSS Score
0.19%
Published
2023-04-28
Updated
2023-05-18

CVE-2020-4429

Public exploit
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to log in and execute arbitrary code on the system with root privileges. IBM X-Force ID: 180534.
Max CVSS
10.0
EPSS Score
2.67%
Published
2020-05-07
Updated
2020-05-08

CVE-2020-4428

Known exploited
Public exploit
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM X-Force ID: 180533.
Max CVSS
9.1
EPSS Score
0.40%
Published
2020-05-07
Updated
2020-05-08
CISA KEV Added
2021-11-03

CVE-2020-4427

Known exploited
Public exploit
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. IBM X-Force ID: 180532.
Max CVSS
9.8
EPSS Score
1.83%
Published
2020-05-07
Updated
2022-07-12
CISA KEV Added
2021-11-03

CVE-2019-4716

Known exploited
Public exploit
IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094.
Max CVSS
10.0
EPSS Score
7.05%
Published
2019-12-18
Updated
2023-02-01
CISA KEV Added
2021-11-03

CVE-2019-4279

Public exploit
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects from untrusted sources. IBM X-Force ID: 160445.
Max CVSS
10.0
EPSS Score
15.19%
Published
2019-05-17
Updated
2023-02-03

CVE-2018-1418

Public exploit
IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass authentication, which could lead to code execution. IBM X-Force ID: 138824.
Max CVSS
8.8
EPSS Score
18.01%
Published
2018-04-26
Updated
2019-03-14

CVE-2017-1092

Public exploit
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
Max CVSS
10.0
EPSS Score
96.86%
Published
2017-05-22
Updated
2019-10-03

CVE-2015-7450

Known exploited
Public exploit
Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
Max CVSS
10.0
EPSS Score
97.12%
Published
2016-01-02
Updated
2017-09-08
CISA KEV Added
2022-01-10

CVE-2015-0235

Public exploit
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."
Max CVSS
10.0
EPSS Score
97.52%
Published
2015-01-28
Updated
2022-07-05

CVE-2012-5946

Public exploit
Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via a long TabCaption string.
Max CVSS
9.3
EPSS Score
96.42%
Published
2013-04-30
Updated
2017-08-29

CVE-2012-2176

Public exploit
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
Max CVSS
9.3
EPSS Score
76.26%
Published
2012-05-25
Updated
2017-08-29

CVE-2012-2175

Public exploit
Buffer overflow in the Attachment_Times method in a certain ActiveX control in dwa85W.dll in IBM Lotus iNotes 8.5.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a long argument.
Max CVSS
9.3
EPSS Score
96.96%
Published
2012-06-20
Updated
2017-08-29

CVE-2012-2174

Public exploit
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
Max CVSS
9.3
EPSS Score
97.07%
Published
2012-06-20
Updated
2017-08-29

CVE-2012-0708

Public exploit
Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page that leverages a RegisterSchemaRepoFromFileByDbSet function-prototype mismatch.
Max CVSS
9.3
EPSS Score
96.52%
Published
2012-04-22
Updated
2017-12-19

CVE-2012-0202

Public exploit
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
Max CVSS
10.0
EPSS Score
97.15%
Published
2012-05-04
Updated
2017-08-29

CVE-2012-0201

Public exploit
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
Max CVSS
9.3
EPSS Score
91.21%
Published
2012-03-02
Updated
2017-08-29

CVE-2012-0198

Public exploit
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
Max CVSS
9.3
EPSS Score
95.88%
Published
2012-03-06
Updated
2017-08-29

CVE-2011-1220

Public exploit
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
Max CVSS
9.0
EPSS Score
97.30%
Published
2011-06-02
Updated
2018-10-09

CVE-2011-1213

Public exploit
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
Max CVSS
9.3
EPSS Score
93.89%
Published
2011-05-31
Updated
2017-09-19

CVE-2010-3407

Public exploit
Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V.
Max CVSS
9.3
EPSS Score
93.65%
Published
2010-09-16
Updated
2018-10-10

CVE-2009-3853

Public exploit
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
Max CVSS
9.3
EPSS Score
96.82%
Published
2009-11-04
Updated
2018-10-10

CVE-2009-3699

Public exploit
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Max CVSS
10.0
EPSS Score
75.53%
Published
2009-10-15
Updated
2017-08-17

CVE-2009-2727

Public exploit
Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15.
Max CVSS
9.3
EPSS Score
94.34%
Published
2009-08-10
Updated
2009-08-11

CVE-2009-0215

Public exploit
Stack-based buffer overflow in the GetXMLValue method in the IBM Access Support ActiveX control in IbmEgath.dll, as distributed on IBM and Lenovo computers, allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
94.82%
Published
2009-03-25
Updated
2017-08-08
32 vulnerabilities found