CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

IBM : Security Vulnerabilities Published In 2007 (Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-6593 119 Exec Code Overflow 2007-12-28 2008-09-05
8.8
None Remote Medium Not required Complete Complete None
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.
2 CVE-2007-6305 119 Overflow +Priv 2007-12-10 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
3 CVE-2007-6052 DoS Overflow 2007-11-20 2008-09-05
7.8
None Remote Low Not required None None Complete
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
4 CVE-2007-5910 119 Exec Code Overflow 2007-11-09 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file.
5 CVE-2007-5909 119 Exec Code Overflow 2007-11-09 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
6 CVE-2007-5652 119 DoS Overflow Mem. Corr. 2007-10-23 2011-05-12
7.8
None Remote Low Not required None None Complete
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
7 CVE-2007-5559 119 Exec Code Overflow 2007-10-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
8 CVE-2007-4880 119 Exec Code Overflow 2007-09-27 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
9 CVE-2007-4797 119 Overflow +Priv 2007-09-10 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in unspecified svprint (System V print) commands in bos.svprint.rte in IBM AIX 5.2 and 5.3 allow local users to gain privileges via unspecified vectors.
10 CVE-2007-4796 119 Overflow +Priv 2007-09-10 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
11 CVE-2007-4795 119 Overflow +Priv 2007-09-10 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long ODM name.
12 CVE-2007-4794 119 Overflow +Priv 2007-09-10 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long input parameter.
13 CVE-2007-4793 119 Overflow +Priv 2007-09-10 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
14 CVE-2007-4792 119 Overflow +Priv 2007-09-10 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
15 CVE-2007-4791 119 Overflow +Priv 2007-09-10 2012-11-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the swcons command in bos.rte.console in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2005-3504 and CVE-2007-0978.
16 CVE-2007-4623 119 Exec Code Overflow 2007-11-05 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
17 CVE-2007-4621 119 Overflow +Priv 2007-11-05 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.
18 CVE-2007-4513 119 Overflow +Priv 2007-11-05 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
19 CVE-2007-4474 119 3 Exec Code Overflow 2007-12-27 2009-08-19
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
20 CVE-2007-4423 119 DoS Exec Code Overflow 2007-08-18 2011-04-06
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.
21 CVE-2007-4355 Overflow +Priv 2007-08-14 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the at program on IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
22 CVE-2007-4354 Overflow +Priv 2007-08-14 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 allows local users to gain privileges via unspecified vectors.
23 CVE-2007-4353 Overflow +Priv 2007-08-14 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods.
24 CVE-2007-4276 119 Exec Code Overflow 2007-08-18 2009-08-24
6.9
None Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.
25 CVE-2007-4237 Overflow +Priv 2007-08-08 2008-11-15
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges.
26 CVE-2007-4236 Overflow +Priv 2007-08-08 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges.
27 CVE-2007-4222 119 Exec Code Overflow 2007-10-29 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email.
28 CVE-2007-4217 119 Overflow +Priv 2007-11-05 2009-07-24
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
29 CVE-2007-4004 119 Exec Code Overflow 2007-07-26 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
30 CVE-2007-3680 119 Exec Code Overflow 2007-07-11 2012-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable.
31 CVE-2007-3510 119 Exec Code Overflow 2007-10-29 2008-09-05
9.0
None Remote Low Single system Complete Complete Complete
Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.
32 CVE-2007-3333 119 Exec Code Overflow 2007-07-26 2011-08-04
6.9
Admin Local Medium Not required Complete Complete Complete
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
33 CVE-2007-2582 119 DoS Exec Code Overflow 2007-05-09 2012-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."
34 CVE-2007-2137 Exec Code Overflow 2007-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute arbitrary code by sending a long string to a certain TCP port.
35 CVE-2007-1944 119 DoS Overflow 2007-04-10 2008-09-05
5.0
None Remote Low Not required None None Partial
The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.
36 CVE-2007-1798 DoS Exec Code Overflow 2007-04-02 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name.
37 CVE-2007-1739 DoS Overflow 2007-03-28 2008-09-05
7.8
None Remote Low Not required None None Complete
Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation.
38 CVE-2007-1675 DoS Overflow 2007-03-28 2012-11-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
39 CVE-2007-1088 Exec Code Overflow 2007-02-23 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
40 CVE-2007-1087 Exec Code Overflow 2007-02-23 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.
41 CVE-2007-0978 Overflow +Priv 2007-02-15 2008-11-15
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data.
42 CVE-2007-0670 119 Exec Code Overflow 2007-02-02 2010-03-29
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via the "r-commands", possibly including (1) rdist, (2) rsh, (3) rcp, (4) rsync, and (5) rlogin.
Total number of vulnerabilities : 42   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.