3 results (0.005 seconds)

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH." Una vulnerabilidad no especificada en la funcionalidad de comprobación de XML Digital Signature en JVA-RUN en JDK versión 6.0 en IBM OS/400 i5/OS versiones V5R4M0 y V6R1M0, presenta un impacto y vectores de ataque desconocidos relacionados con "XML SECURITY PATCH". • http://secunia.com/advisories/35356 http://www-01.ibm.com/support/docview.wss?uid=nas2741c96b7c573b81a862575cc003c726e http://www-01.ibm.com/support/docview.wss?uid=nas2e858199605d67111862575cc003c7276 http://www.attrition.org/pipermail/vim/2009-June/002190.html http://www.securityfocus.com/bid/35265 http://www.vupen.com/english/advisories/2009/1536 https://exchange.xforce.ibmcloud.com/vulnerabilities/51005 •

CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0

Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. NOTE: there might be limited attack scenarios. Desbordamiento de buffer en la función BrSmRcvAndCheck en el módulo RCHMGR de IBM OS/400 V5R4M0, V5R4M5, y V6R1M0, permite a atacantes locales provocar una denegación de servicio (parada de tarea y volcado de almacemiento principal), a través de vectores no especificados involucrados en la ejecución de diagnósticos en un puerto de modem. NOTA: Podría haber escenarios de ataque limitados. • http://secunia.com/advisories/30554 http://www-1.ibm.com/support/docview.wss?uid=nas21f21bcbaa63f55268625745e003c6f64 http://www.securityfocus.com/bid/29660 http://www.vupen.com/english/advisories/2008/1799 https://exchange.xforce.ibmcloud.com/vulnerabilities/42984 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM OS/400 V5R3M0 and V5R4M0 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en HTTP Server de IBM OS/400 V5R3M0 y V5R4M0. permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la cabecera Expect HTTP. • http://secunia.com/advisories/28744 http://www-1.ibm.com/support/docview.wss?uid=nas22f5a0f082f6821c4862573e10041f7bd http://www.securityfocus.com/bid/27595 http://www.vupen.com/english/advisories/2008/0397 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •