Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2007-01-23 | CVE-2007-0442 | Remote Security vulnerability in IBM OS/400 | Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. | network | low | ibm | 5.0 |
| 2007-01-19 | CVE-2007-0392 | Local Security vulnerability in IBM AIX 5.3 | IBM AIX 5.3 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | local | low | ibm | 4.6 |
| 2006-12-31 | CVE-2006-6915 | Denial Of Service vulnerability in IBM AIX 5.2.0/5.3.0 | ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. | network | low | ibm | 4.0 |
| 2006-12-31 | CVE-2006-6914 | Local Information Disclosure vulnerability in IBM AIX 5.2.0/5.3.0 | Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. | network | low | ibm | 5.0 |
| 2006-12-19 | CVE-2006-6638 | Remote SQLJRA Packet Denial of Service vulnerability in IBM DB2 | IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | network | low | ibm | 5.0 |
| 2006-12-19 | CVE-2006-6637 | Information Exposure vulnerability in IBM WebSphere Application Server | The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." | network | low | ibm, CWE-200 | 5.0 |
| 2006-11-10 | CVE-2006-5835 | Information Disclosure vulnerability in IBM Lotus Notes User.ID File Key | The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. | network | low | ibm | 5.0 |
| 2006-11-03 | CVE-2006-5664 | Local Security vulnerability in IBM products | The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | local | low | ibm | 4.6 |
| 2006-11-03 | CVE-2006-5663 | Local Security vulnerability in IBM products | IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | local | low | ibm | 4.6 |
| 2006-10-05 | CVE-2006-5161 | Unspecified vulnerability in IBM Client Security Password Manager | IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page. | network | low | ibm | 6.4 |