Filtered by vendor Ibm
Subscribe
Total
7311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-49791 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 6.4 MEDIUM |
| IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2024-49800 | 1 Ibm | 1 Applinx | 2025-02-12 | N/A | 4.3 MEDIUM |
| IBM ApplinX 11.1 stores sensitive information in cleartext in memory that could be obtained by an authenticated user. | |||||
| CVE-2023-50306 | 1 Ibm | 1 Common Licensing | 2025-02-12 | N/A | 4.0 MEDIUM |
| IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337. | |||||
| CVE-2014-7169 | 17 Apple, Arista, Canonical and 14 more | 85 Mac Os X, Eos, Ubuntu Linux and 82 more | 2025-02-10 | 10.0 HIGH | 9.8 CRITICAL |
| GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | |||||
| CVE-2019-4716 | 1 Ibm | 1 Planning Analytics | 2025-02-07 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting. IBM X-Force ID: 172094. | |||||
| CVE-2017-1563 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131763. | |||||
| CVE-2017-1545 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 2.1 LOW | 6.8 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical access to the system to log into the application using previously stored credentials. IBM X-Force ID: 130914. | |||||
| CVE-2017-1567 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131769. | |||||
| CVE-2017-1540 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130808. | |||||
| CVE-2018-1457 | 3 Ibm, Linux, Microsoft | 3 Engineering Requirements Management Doors, Linux Kernel, Windows | 2025-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| An undisclosed vulnerability in IBM Rational DOORS 9.5.1 through 9.6.1.10 application allows an attacker to gain DOORS administrator privileges. IBM X-Force ID: 140208. | |||||
| CVE-2017-1516 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826. | |||||
| CVE-2017-1532 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 3.5 LOW | 5.4 MEDIUM |
| IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411. | |||||
| CVE-2017-1515 | 1 Ibm | 1 Engineering Requirements Management Doors | 2025-02-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825. | |||||
| CVE-2024-25046 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953. | |||||
| CVE-2024-25030 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 6.2 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677. | |||||
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | |||||
| CVE-2023-52296 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.3 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547. | |||||
| CVE-2024-40679 | 1 Ibm | 1 Db2 | 2025-01-31 | N/A | 5.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | |||||
| CVE-2023-32331 | 3 Ibm, Linux, Oracle | 4 Aix, Sterling Connect\, Linux Kernel and 1 more | 2025-01-31 | N/A | 7.5 HIGH |
| IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979. | |||||
| CVE-2023-38729 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-01-31 | N/A | 6.8 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. | |||||