Filtered by vendor Ibm
Subscriptions
Total
8199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1441 | 1 Ibm | 1 Visualage For Java | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 Professional allows remote attackers to execute JavaScript on other clients via the URL, which injects the script in the resulting error message. | ||||
| CVE-2001-1440 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Unknown vulnerability in login for AIX 5.1L, when using loadable authentication modules, allows remote attackers to gain access to the system. | ||||
| CVE-2001-1557 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. | ||||
| CVE-2002-0678 | 7 Caldera, Compaq, Hp and 4 more | 9 Openunix, Unixware, Tru64 and 6 more | 2026-04-16 | N/A |
| CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure. | ||||
| CVE-2002-0744 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow. | ||||
| CVE-1999-1480 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| (1) acledit and (2) aclput in AIX 4.3 allow local users to create or modify files via a symlink attack. | ||||
| CVE-1999-0042 | 5 Bsdi, Caldera, Ibm and 2 more | 6 Bsd Os, Openlinux, Aix and 3 more | 2026-04-16 | N/A |
| Buffer overflow in University of Washington's implementation of IMAP and POP servers. | ||||
| CVE-1999-0091 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in AIX writesrv command allows local users to obtain root access. | ||||
| CVE-1999-0116 | 1 Ibm | 2 Aix, Sng | 2026-04-16 | N/A |
| Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood. | ||||
| CVE-1999-0718 | 1 Ibm | 1 Gina | 2026-04-16 | N/A |
| IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. | ||||
| CVE-1999-1121 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges. | ||||
| CVE-1999-0014 | 3 Cde, Hp, Ibm | 4 Cde, Hp-ux, Vvos and 1 more | 2026-04-16 | N/A |
| Unauthorized privileged access or denial of service via dtappgather program in CDE. | ||||
| CVE-2024-40685 | 1 Ibm | 1 Operations Analytics - Log Analysis | 2026-04-15 | 4.3 Medium |
| IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allow an attacker to trick a trusted user into performing unauthorized actions. | ||||
| CVE-2024-39724 | 1 Ibm | 1 Big Sql | 2026-04-15 | 5.3 Medium |
| IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal knowledge of the environment could exploit this weakness to cause a denial of service. | ||||
| CVE-2025-33135 | 1 Ibm | 2 Financial Transaction Manager For Ach Services And Check Services For Multi-platform, Financial Transaction Manager For Ach Services And Check Services For Multi Platform | 2026-04-15 | 6.1 Medium |
| IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms) is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2025-14150 | 1 Ibm | 1 Webmethods Integration On Prem Integration Server | 2026-04-15 | 6.5 Medium |
| IBM webMethods Integration (on prem) - Integration Server 10.15 through IS_10.15_Core_Fix2411.1 to IS_11.1_Core_Fix8 IBM webMethods Integration could disclose sensitive user information in server responses. | ||||
| CVE-2024-53979 | 1 Ibm | 1 Zhmc | 2026-04-15 | 8.3 High |
| ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibm_zhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the "log_file" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-13491 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2026-04-15 | 5.1 Medium |
| IBM App Connect Enterprise Certified Container CD: 11.2.0 through 11.6.0, 12.1.0 through 12.19.0 and 12.0 LTS: 12.0.0 through 12.0.19 could allow an attacker to access sensitive files or modify configurations due to an untrusted search path. | ||||
| CVE-2025-13375 | 1 Ibm | 1 Common Cryptographic Architecture | 2026-04-15 | 9.8 Critical |
| IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. | ||||
| CVE-2025-12985 | 1 Ibm | 1 License Metric Tool | 2026-04-15 | 8.4 High |
| IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image. | ||||