Vulnerabilities > IBM > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-11 | CVE-2018-1980 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. | 7.8 |
| 2019-03-11 | CVE-2018-1978 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. | 7.8 |
| 2019-03-11 | CVE-2018-1974 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere 8.0.0.0 through 9.1.1 could allow an authenticated attacker to escalate their privileges when using multiplexed channels. | 7.5 |
| 2019-03-11 | CVE-2018-1923 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. | 7.8 |
| 2019-03-11 | CVE-2018-1922 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. | 7.8 |
| 2019-03-11 | CVE-2018-1890 | Uncontrolled Search Path Element vulnerability in IBM SDK 8.0 IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. | 7.8 |
| 2019-02-21 | CVE-2018-1946 | Inadequate Encryption Strength vulnerability in IBM Security Identity Governance and Intelligence IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 7.5 |
| 2019-02-15 | CVE-2018-1701 | Unspecified vulnerability in IBM products IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. | 8.5 |
| 2019-02-15 | CVE-2017-1695 | Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
| 2019-02-04 | CVE-2018-1970 | XXE vulnerability in IBM Security Access Manager IBM Security Identity Manager 7.0.1 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 7.1 |