Filtered by vendor Ibm
Subscribe
Total
7129 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-0679 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via a "modified message." | |||||
CVE-2010-4592 | 1 Ibm | 1 Lotus Mobile Connect | 2024-02-28 | 4.3 MEDIUM | N/A |
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts. | |||||
CVE-2011-0917 | 1 Ibm | 1 Lotus Domino | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX. | |||||
CVE-2011-1106 | 1 Ibm | 1 Lotus Sametime | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an OpenDatabase action. | |||||
CVE-2011-3138 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2024-02-28 | 5.0 MEDIUM | N/A |
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety. | |||||
CVE-2010-4274 | 1 Ibm | 1 Director Agent | 2024-02-28 | 4.4 MEDIUM | N/A |
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. | |||||
CVE-2009-5036 | 1 Ibm | 1 Lotus Notes Traveler | 2024-02-28 | 4.0 MEDIUM | N/A |
traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | |||||
CVE-2011-1312 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.0 MEDIUM | N/A |
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. | |||||
CVE-2011-1314 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close operations via network connections to a queue manager. | |||||
CVE-2012-0188 | 1 Ibm | 2 Spss Data Collection, Spss Dimensions | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. | |||||
CVE-2010-0784 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2012-0194 | 1 Ibm | 1 Aix | 2024-02-28 | 7.1 HIGH | N/A |
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets. | |||||
CVE-2011-2163 | 1 Ibm | 2 Systems Director, Virtualization Manager | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors. | |||||
CVE-2011-1215 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND. | |||||
CVE-2011-1321 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.5 MEDIUM | N/A |
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO). | |||||
CVE-2011-1385 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.8 HIGH | N/A |
IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote attackers to cause a denial of service (system crash) via an ICMP Echo Reply packet that contains 1 in the Identifier field, a different vulnerability than CVE-2012-0194. | |||||
CVE-2011-0315 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to the lack of an error page for an application. | |||||
CVE-2008-7288 | 1 Ibm | 2 Aix, Tivoli Directory Server | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation. | |||||
CVE-2011-1217 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 9.3 HIGH | N/A |
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-0200 | 1 Ibm | 1 Soliddb | 2024-02-28 | 4.0 MEDIUM | N/A |
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition. |