Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-08-18 | CVE-2007-4273 | USE of Externally-Controlled Format String vulnerability in IBM DB2 Universal Database IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). | 4.6 |
| 2007-08-18 | CVE-2007-4270 | Multiple Unspecified vulnerability in IBM DB2 Universal Database Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. local ibm | 6.9 |
| 2007-08-15 | CVE-2007-4353 | Buffer Overflow vulnerability in IBM AIX Configuration Commands Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in the system group to gain root privileges via unspecified vectors involving the (1) chpath, (2) rmpath, and (3) devinstall programs in bos.rte.methods. local ibm | 6.9 |
| 2007-08-08 | CVE-2007-4238 | Local Security vulnerability in AIX 5.2/5.3 AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, which allows local users with bin or possibly printq privileges to gain root privileges by modifying pioinit. local ibm | 6.9 |
| 2007-08-08 | CVE-2007-4237 | Local Security vulnerability in AIX 5.2/5.3 Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. local ibm | 6.9 |
| 2007-08-08 | CVE-2007-4236 | Local Security vulnerability in AIX 5.2/5.3 Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows local users with printq group privileges to gain root privileges. local ibm | 6.9 |
| 2007-08-08 | CVE-2007-4228 | Local Buffer Overflow vulnerability in IBM AIX 4.3 rmpvc on IBM AIX 4.3 allows local users to cause a denial of service (system crash) via long port logical name (-l) argument. local ibm | 4.7 |
| 2007-08-03 | CVE-2007-4142 | Cross-Site Scripting vulnerability in IBM Lotus Sametime Server Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server 7.5.1 before 20070731 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a crafted Sametime meeting. network ibm | 4.3 |
| 2007-07-26 | CVE-2007-4004 | Buffer Errors vulnerability in IBM AIX 5.2.0/5.3 Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. | 6.9 |
| 2007-07-26 | CVE-2007-4003 | Unspecified vulnerability in IBM AIX 5.3 pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument. local ibm | 6.9 |