CVE-2026-9072

CVE-2026-9072 affects IBM i (versions 7.3–7.6) with IBM WebSphere Application Server and WebSphere Application Server Liberty when using Intelligent Management with the WebSphere WebServer Plug-in. The issue arises when an attacker impersonates backend servers and sends crafted responses to the p...

EUVD-2026-33730

IBM i Access Family 1.1.5.0 through 1.1.9.12 IBM i Access Client Solutions ACS is vulnerable to remote code execution when configured to listen for requests from IBM i Navigator...

CVE-2025-36119 IBM i authentication bypass

IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i DCM due to a web session hijacking vulnerability. An authenticated user without administrator privileges could exploit this vulnerability to perform actions i...

CVE-2025-33122

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 could allow a user to gain elevated privileges due to an unqualified library call in IBM Advanced Job Scheduler for i. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2023-0202

NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure...

PT-2025-2429 · Ibm · Ibm I

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.2 through 7.5 Description: The issue is related to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges o...

The vulnerability of the IBM i operating system and the IBM Rational Development Studio for i application suite lies in the insufficient protection of registration data, allowing a hacker to execute arbitrary code with administrator privileges.

The vulnerability of the IBM i operating system and the IBM Rational Development Studio for i application suite is related to insufficient protection of registration data. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code with administrator privileges...

CVE-2024-27275

IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target...

CVE-2022-22495

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941...

Security Bulletin: Vulnerability in SSLv3 affects Host On-Demand (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 is enabled in IBM Rational Host On-Demand. Vulnerability Details CVE-ID: CVE-2014-3566 Description: Product could allow a remote attacker to obtain sensitive...

Security Bulletin: Local escalation of privilege vulnerability in IBM® DB2® (CVE-2016-5995).

Summary A vulnerability in IBM DB2 for Linux, Unix and Windows could allow a local user to gain elevated privilege. Vulnerability Details CVEID: CVE-2016-5995 DESCRIPTION: DB2 for Linux, Unix and Windows is vulnerable to a privilege escalation due to loading libraries from insecure locations. A...

Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability in which a malformated DRDA message may cause the DB2 server to terminate abnormally (CVE-2016-0211)

Summary IBM DB2 LUW contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted DRDA message and cause DB2 server to terminate abnormally. Vulnerability Details CVEID: CVE-2016-0211 DESCRIPTION: IBM DB2 LUW contains ...

Symantec / Norton AntiVirus - ASPack Remote Heap/Pool Memory Corruption

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=820 When parsing executables packed by an early version of aspack, a buffer overflow can occur in the core Symantec Antivirus Engine used in most Symantec and Norton branded...

SymantecNorton AntiVirus - ASPack Remote HeapPool Memory Corruption

SymantecNorton AntiVirus - ASPack Remote HeapPool Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=820 When parsing executables packed by an early version of aspack, a buffer overflow can occur in the core Symantec Antivirus Engine used in most Symantec and Nort...