Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-13 | CVE-2006-0674 | Local Buffer Overflow vulnerability in IBM AIX ARP Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument. | 4.6 |
| 2006-02-13 | CVE-2006-0663 | Cross-Site Scripting vulnerability in IBM Lotus Domino Inotes Client 6.5.4/7.0 Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. | 4.3 |
| 2006-02-13 | CVE-2006-0662 | HTML and Script Injection vulnerability in IBM Lotus Domino Inotes Client 6.5.4 Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. network ibm | 4.3 |
| 2006-02-08 | CVE-2006-0580 | Denial of Service vulnerability in IBM Lotus Domino Server 7.0 IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). | 5.0 |
| 2006-02-06 | CVE-2006-0513 | Directory Traversal vulnerability in IBM Tivoli Access Manager for E-Business 5.1.0.10/6.0.0 Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-01-09 | CVE-2006-0120 | Multiple Unspecified vulnerability in IBM products Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN). | 5.0 |
| 2006-01-09 | CVE-2006-0118 | Multiple Unspecified vulnerability in IBM products Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. | 5.0 |
| 2006-01-09 | CVE-2006-0117 | Multiple Unspecified vulnerability in IBM products Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". | 5.0 |
| 2005-12-31 | CVE-2005-4871 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1 Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | 4.3 |
| 2005-12-31 | CVE-2005-4870 | Buffer Errors vulnerability in IBM DB2 8.1 Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | 4.3 |