Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-06-04 | CVE-2008-2550 | Remote Security vulnerability in WebSphere Application Server | Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header. | 5.0 |
2008-06-02 | CVE-2008-2514 | Buffer Errors vulnerability in IBM AIX 5.2/5.3/6.1 | Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via unknown attack vectors. | 4.6 |
2008-05-22 | CVE-2008-2410 | Cross-Site Scripting vulnerability in IBM Lotus Domino Web Server | Cross-site scripting (XSS) vulnerability in the servlet engine and Web container in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-05-13 | CVE-2008-2163 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1 | Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 before Hotfix 5 for Windows and AIX, and before Hotfix 3 for i5/OS, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to "WYSIWYG editors." | 4.3 |
2008-04-27 | CVE-2008-1966 | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5 | Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | 4.0 |
2008-04-16 | CVE-2007-5758 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM DB2 Universal Database 8/9.1/9.5 | Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable. | 6.9 |
2008-04-16 | CVE-2007-5664 | Link Following vulnerability in IBM DB2 Universal Database 8/9.1/9.5 | db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization. | 6.9 |
2008-04-09 | CVE-2008-1708 | Resource Management Errors vulnerability in IBM solidDB | IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field. | 4.3 |
2008-04-09 | CVE-2008-1707 | Resource Management Errors vulnerability in IBM solidDB | IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain "type" field. | 4.3 |
2008-04-09 | CVE-2008-1706 | Numeric Errors vulnerability in IBM solidDB 06.00.1018 | Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (daemon crash) via a large value in a certain 32-bit field. | 4.3 |