Vulnerabilities > IBM > High

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2008-10-09 | CVE-2008-4506 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Quickr 8.1 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows a place manager to "demote or delete a place superuser group" via unknown vectors. | network, low complexity, ibm, CWE-264, 7.5 |
| 2008-10-09 | CVE-2008-4505 | Improper Input Validation vulnerability in IBM Lotus Quickr 8.1 | Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) might allow attackers to cause a denial of service (system crash) via a "nonstandard URL argument" to the OpenDocument command. | network, low complexity, ibm, CWE-20, 7.8 |
| 2008-09-27 | CVE-2008-4294 | Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Netcool Webtop 2.1.0 | IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user privileges after logout, which allows physically proximate attackers to hijack a session by visiting an unattended workstation, as demonstrated by a root session that is still valid after a subsequent read-only session has begun. | local, low complexity, ibm, CWE-264, 7.2 |
| 2008-09-11 | CVE-2008-4018 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 | swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local users in the system group to create or overwrite an arbitrary file, and establish weak permissions and root ownership for this file, via unspecified vectors. | local, low complexity, ibm, CWE-264, 7.2 |
| 2008-09-11 | CVE-2008-3958 | Multiple vulnerability in IBM DB2 8.0 | IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | network, low complexity, ibm, 7.5 |
| 2008-09-11 | CVE-2007-6717 | Buffer Errors vulnerability in IBM AIX 5.2.0/5.3.0 | Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors. | local, low complexity, ibm, CWE-119, 7.2 |
| 2008-08-28 | CVE-2008-3856 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 8/8.0/9.1 | The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | network, low complexity, ibm, CWE-264, 7.5 |
| 2008-08-28 | CVE-2008-3854 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database 9.1/9.5 | Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. | network, low complexity, ibm, CWE-119, 7.8 |
| 2008-08-04 | CVE-2008-3423 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Portal | IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to bypass authentication and obtain administrative access via unspecified vectors. | network, low complexity, ibm, CWE-264, 7.5 |
| 2008-06-02 | CVE-2008-2515 | Permissions, Privileges, and Access Controls vulnerability in IBM AIX 5.2/5.3/6.1 | Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown vectors related to an "environment variable handling error." | local, low complexity, ibm, CWE-264, 7.2 |