Vulnerabilities > IBM > High

DATE CVE VULNERABILITY TITLE RISK
2009-08-05 CVE-2009-2669 Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.3/6.1
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
local
low complexity
ibm CWE-264
7.2
2009-07-13 CVE-2009-2434 Buffer Errors vulnerability in IBM AIX 5.3
Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors.
local
low complexity
ibm CWE-119
7.2
2009-06-25 CVE-2009-0903 Unspecified vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the Feature Pack for Web Services for WAS 6.1 before 6.1.0.25, when a WS-Security policy is established at the operation level, does not properly handle inbound requests that lack a SOAPAction or WS-Addressing Action, which allows remote attackers to bypass intended access restrictions via a crafted request to a JAX-WS application.
network
low complexity
ibm
7.5
2009-06-08 CVE-2009-1954 Remote Denial of Service vulnerability in IBM AIX 5.3
Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli.
network
low complexity
ibm
7.8
2009-05-05 CVE-2009-1522 Unspecified vulnerability in IBM Tivoli Storage Manager Client
The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors.
network
ibm microsoft
7.1
2009-05-05 CVE-2009-1521 Unspecified vulnerability in IBM products
Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage Manager (TSM) client 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.5, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17, and the TSM Express client 5.3.3.0 through 5.3.6.5, allows attackers to read or modify arbitrary files via unknown vectors.
network
low complexity
ibm
7.5
2009-04-21 CVE-2009-1355 Buffer Errors vulnerability in IBM AIX 5.2/5.3/6.1
Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename.
local
low complexity
ibm CWE-119
7.2
2009-04-09 CVE-2009-1250 Numeric Errors vulnerability in multiple products
The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58, and IBM AFS 3.6 before Patch 19, on Linux allows remote attackers to cause a denial of service (system crash) via an RX response with a large error-code value that is interpreted as a pointer and dereferenced, related to use of the ERR_PTR macro.
network
low complexity
ibm openafs linux CWE-189
7.8
2009-03-16 CVE-2009-0508 Information Exposure vulnerability in IBM WebSphere Application Server
The Servlet Engine/Web Container and JSP components in IBM WebSphere Application Server (WAS) 5.1.0, 5.1.1.19, 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.23, and 7.0 before 7.0.0.3 allow remote attackers to read arbitrary files contained in war files in (1) web-inf, (2) meta-inf, and unspecified other directories via unknown vectors, related to (a) web-based applications and (b) the administrative console.
network
low complexity
ibm CWE-200
7.5
2009-03-04 CVE-2009-0779 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM AIX 5.3/6.1
Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users to gain privileges via a long "input string."
local
low complexity
ibm CWE-119
7.2