Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2007-10-29 CVE-2007-5544 Incorrect Permission Assignment for Critical Resource vulnerability in IBM Lotus Notes
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
local
low complexity
ibm CWE-732
7.8
2007-07-18 CVE-2007-3268 Divide By Zero vulnerability in IBM Tivoli Provisioning Manager OS Deployment 5.1.0.2
The TFTP implementation in IBM Tivoli Provisioning Manager for OS Deployment 5.1 before Fix Pack 3 allows remote attackers to cause a denial of service (rembo.exe crash and multiple service outage) via a read (RRQ) request with an invalid blksize (blocksize), which triggers a divide-by-zero error.
network
low complexity
ibm CWE-369
7.5
2005-12-31 CVE-2005-4868 Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
local
low complexity
ibm CWE-732
7.1
2003-08-18 CVE-2003-0578 Link Following vulnerability in IBM U2 Universe 10.0.0.9
cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files.
local
low complexity
ibm CWE-59
7.8
2000-06-08 CVE-2000-0497 Improper Handling of Case Sensitivity vulnerability in IBM Websphere Application Server 3.0.2
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
network
low complexity
ibm CWE-178
7.5