Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-09-11 | CVE-2008-3960 | Improper Input Validation vulnerability in IBM DB2 Universal Database 8.2 Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | 5.0 |
| 2008-09-11 | CVE-2008-3959 | Denial-Of-Service vulnerability in DB2 8.1/8.2 IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | 5.0 |
| 2008-08-29 | CVE-2008-3860 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1 Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. | 4.3 |
| 2008-08-28 | CVE-2008-3858 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1 The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. | 4.3 |
| 2008-08-28 | CVE-2008-3857 | Information Exposure vulnerability in IBM DB2 Universal Database 9.1 The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | 4.6 |
| 2008-08-28 | CVE-2008-3855 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1 Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | 4.6 |
| 2008-08-28 | CVE-2008-3852 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | 6.5 |
| 2008-08-08 | CVE-2008-3550 | Information Exposure vulnerability in IBM Rational Clearquest 7.0.1 The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | 5.0 |
| 2008-07-21 | CVE-2008-3236 | Cryptographic Issues vulnerability in IBM Websphere Application Server Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. | 5.0 |
| 2008-07-14 | CVE-2008-3161 | Cross-Site Scripting vulnerability in IBM Maximo 4.1/5.2 Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. | 4.3 |