Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-05-22 | CVE-2008-2410 | Cross-Site Scripting vulnerability in IBM Lotus Domino web Server Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-05-13 | CVE-2008-2163 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1 Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." | 4.3 |
2008-04-27 | CVE-2008-1966 | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5 Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | 4.0 |
2008-04-16 | CVE-2007-5758 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database 8/9.1/9.5 Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable. | 6.9 |
2008-04-16 | CVE-2007-5664 | Link Following vulnerability in IBM DB2 Universal Database 8/9.1/9.5 db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization. | 6.9 |
2008-04-09 | CVE-2008-1708 | Resource Management Errors vulnerability in IBM Soliddb IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field. | 4.3 |
2008-04-09 | CVE-2008-1707 | Resource Management Errors vulnerability in IBM Soliddb IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. | 4.3 |
2008-04-09 | CVE-2008-1706 | Numeric Errors vulnerability in IBM Soliddb 06.00.1018 Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. | 4.3 |
2008-04-09 | CVE-2008-1705 | USE of Externally-Controlled Format String vulnerability in IBM Soliddb 06.00.1018 Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields. | 6.8 |
2008-03-31 | CVE-2008-1598 | Information Exposure vulnerability in IBM AIX 6.1 The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges to read arbitrary kernel memory and obtain sensitive information via unspecified vectors. | 4.7 |