# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
40301 |
CVE-2014-6163 |
79 |
|
XSS |
2014-12-11 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability on the IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
40302 |
CVE-2014-6161 |
79 |
|
XSS |
2014-11-08 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact 6.1.1 before 6.1.1.1-TIV-NCI-IF0001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
40303 |
CVE-2014-6160 |
264 |
|
Bypass |
2014-12-28 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. |
40304 |
CVE-2014-6159 |
20 |
|
DoS |
2014-11-08 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. |
40305 |
CVE-2014-6155 |
22 |
|
Dir. Trav. |
2014-12-24 |
2017-09-07 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Multiple directory traversal vulnerabilities in the ServiceRegistry UI in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allow remote authenticated users to read arbitrary files via unspecified vectors. |
40306 |
CVE-2014-6153 |
310 |
|
|
2014-12-24 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
The Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3.x through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. |
40307 |
CVE-2014-6152 |
79 |
|
XSS |
2014-10-25 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Integrated Portal (TIP) 2.2.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
40308 |
CVE-2014-6151 |
20 |
|
Http R.Spl. |
2014-10-25 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. |
40309 |
CVE-2014-6150 |
79 |
|
XSS |
2014-10-31 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.0 through 7.2.1.6 and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
40310 |
CVE-2014-6149 |
22 |
|
Dir. Trav. |
2014-10-29 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Directory traversal vulnerability in BIRT-viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 allows remote authenticated users to read arbitrary files via unspecified vectors. |
40311 |
CVE-2014-6148 |
287 |
|
+Info |
2014-10-31 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted URL. |
40312 |
CVE-2014-6147 |
200 |
|
+Priv +Info |
2015-02-18 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, 1.3.1.0, and 1.3.2.0 allows local users to obtain sensitive information, and consequently gain privileges or conduct impersonation attacks, via unspecified vectors. |
40313 |
CVE-2014-6146 |
200 |
|
+Info |
2014-11-08 |
2017-09-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the Connect:Direct Server Adapter is configured, does not properly process the logging configuration, which allows local users to obtain sensitive information by reading log files. |
40314 |
CVE-2014-6145 |
79 |
|
XSS |
2014-12-12 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
40315 |
CVE-2014-6144 |
79 |
|
XSS |
2015-03-12 |
2015-11-19 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
40316 |
CVE-2014-6143 |
200 |
|
+Info |
2014-12-11 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows local users to obtain sensitive information by reading a response. |
40317 |
CVE-2014-6139 |
264 |
|
Bypass |
2015-02-12 |
2015-02-17 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying a false value for the filterByCurrentUser parameter. |
40318 |
CVE-2014-6138 |
200 |
|
Bypass +Info |
2014-12-12 |
2017-09-07 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 allows remote authenticated users to bypass intended grid-data access restrictions via unspecified vectors. |
40319 |
CVE-2014-6137 |
79 |
|
XSS |
2015-02-15 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
40320 |
CVE-2014-6136 |
310 |
|
+Info |
2015-02-01 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports unencrypted sessions, which allows remote attackers to obtain sensitive information by sniffing the network. |
40321 |
CVE-2014-6135 |
20 |
|
|
2014-12-22 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
40322 |
CVE-2014-6134 |
200 |
|
+Info |
2015-03-24 |
2015-03-25 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. |
40323 |
CVE-2014-6133 |
|
|
+Info |
2014-10-26 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
IBM API Management 3.x before 3.0.1.0 allows local users to obtain sensitive ciphertext information via unspecified vectors. |
40324 |
CVE-2014-6132 |
79 |
|
XSS |
2014-12-24 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
40325 |
CVE-2014-6131 |
200 |
|
+Info |
2015-03-18 |
2015-03-18 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. |
40326 |
CVE-2014-6130 |
200 |
|
+Info |
2014-11-04 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS. |
40327 |
CVE-2014-6129 |
264 |
|
|
2015-03-18 |
2015-03-18 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors. |
40328 |
CVE-2014-6126 |
79 |
|
XSS |
2014-10-28 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
40329 |
CVE-2014-6125 |
352 |
|
XSS CSRF |
2014-10-28 |
2017-09-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Portal 8.5.0 before CF03 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
40330 |
CVE-2014-6123 |
200 |
|
+Info |
2014-12-28 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs. |
40331 |
CVE-2014-6122 |
264 |
|
Exec Code |
2014-12-22 |
2017-09-07 |
5.5 |
None |
Remote |
Low |
Single system |
None |
Partial |
Partial |
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to write to arbitrary folders, and consequently execute arbitrary commands, via a modified argument. |
40332 |
CVE-2014-6121 |
79 |
|
XSS |
2014-12-22 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
40333 |
CVE-2014-6116 |
287 |
|
Bypass |
2014-10-18 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
The Telemetry Component in WebSphere MQ 8.0.0.1 before p000-001-L140910 allows remote attackers to bypass authentication by setting the JAASConfig property in an MQTT client configuration. |
40334 |
CVE-2014-6115 |
200 |
|
Bypass +Info |
2015-02-24 |
2015-02-25 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
IBM Rational Insight 1.1.1.5 allows remote attackers to bypass authentication and obtain sensitive information via a crafted request to a Jazz Reporting Service (JRS) report URL. |
40335 |
CVE-2014-6114 |
200 |
|
+Info |
2014-12-11 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Hosted Transparent Decision Service in the Rule Execution Server in IBM WebSphere ILOG JRules 7.1 before MP1 FP5 IF43; WebSphere Operational Decision Management 7.5 before FP3 IF41; and Operational Decision Manager 8.0 before MP1 FP2 IF34, 8.5 before MP1 FP1 IF43, and 8.6 before IF8 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
40336 |
CVE-2014-6113 |
79 |
|
XSS |
2015-02-15 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Web Reports component in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
40337 |
CVE-2014-6112 |
200 |
|
+Info |
2018-04-20 |
2018-05-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 make it easier for remote attackers to obtain sensitive information by leveraging support for weak SSL ciphers. IBM X-Force ID: 96184. |
40338 |
CVE-2014-6111 |
255 |
|
|
2018-04-20 |
2018-05-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 store encrypted user credentials and the keystore password in cleartext in configuration files, which allows local users to decrypt SIM credentials via unspecified vectors. IBM X-Force ID: 96180. |
40339 |
CVE-2014-6110 |
284 |
|
|
2014-11-17 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not properly perform logout actions, which allows remote attackers to access sessions by leveraging an unattended workstation. |
40340 |
CVE-2014-6109 |
284 |
|
Bypass +Info |
2018-04-20 |
2018-05-22 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related to server side LDAP queries. IBM X-Force ID: 96173. |
40341 |
CVE-2014-6108 |
200 |
|
+Info |
2018-04-20 |
2018-05-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 might allow man-in-the-middle attackers to obtain sensitive information by leveraging an unencrypted connection for interfaces. IBM X-Force ID: 96172. |
40342 |
CVE-2014-6107 |
200 |
|
+Info |
2014-11-17 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. |
40343 |
CVE-2014-6106 |
352 |
|
XSS CSRF |
2017-09-18 |
2017-09-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspecified impacts via unknown vectors. |
40344 |
CVE-2014-6105 |
20 |
|
|
2014-11-17 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors. |
40345 |
CVE-2014-6102 |
264 |
|
Bypass |
2015-02-16 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before 7.5.0.6 IFIX008, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly handle logout actions, which allows remote attackers to bypass intended Cognos BI Direct Integration access restrictions by leveraging an unattended workstation. |
40346 |
CVE-2014-6101 |
79 |
|
XSS |
2014-10-31 |
2017-09-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the redirect-login feature in IBM Business Process Manager (BPM) Advanced 7.5 through 8.5.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
40347 |
CVE-2014-6100 |
79 |
|
XSS |
2014-10-18 |
2017-09-07 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli Directory Server 6.1 before 6.1.0.64-ISS-ITDS-IF0064, 6.2 before 6.2.0.39-ISS-ITDS-FP0039, and 6.3 before 6.3.0.33-ISS-ITDS-IF0033, and IBM Security Directory Server 6.3.1 before 6.3.1.7-ISS-ISDS-IF0007, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
40348 |
CVE-2014-6099 |
255 |
|
|
2014-10-26 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The Change Password feature in IBM Sterling B2B Integrator 5.2.x through 5.2.4 does not have a lockout protection mechanism for invalid login requests, which makes it easier for remote attackers to obtain admin access via a brute-force approach. |
40349 |
CVE-2014-6098 |
255 |
|
|
2014-11-17 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to discover cleartext passwords via a crafted request. |
40350 |
CVE-2014-6097 |
20 |
|
DoS |
2014-11-08 |
2017-09-07 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. |