Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1313 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and storage corruption) by rejecting IIOP requests at opportunistic time instants, as demonstrated by requests associated with an ORB_Request::getACRWorkElementPtr function call. | |||||
CVE-2009-5058 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2024-02-28 | 3.5 LOW | N/A |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is accessed through a connector, aka SPR RELS7LARKR. | |||||
CVE-2010-3319 | 1 Ibm | 1 Filenet Content Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. | |||||
CVE-2011-1373 | 1 Ibm | 1 Db2 | 2024-02-28 | 1.5 LOW | N/A |
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. | |||||
CVE-2010-4806 | 1 Ibm | 1 Web Content Manager | 2024-02-28 | 4.0 MEDIUM | N/A |
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges. | |||||
CVE-2010-4623 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2024-02-28 | 4.0 MEDIUM | N/A |
WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions. | |||||
CVE-2011-1356 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 2.1 LOW | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. | |||||
CVE-2010-1041 | 1 Ibm | 1 Db2 Content Manager | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors. | |||||
CVE-2010-0777 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 2.6 LOW | N/A |
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorrect file in some responses, which allows remote attackers to obtain sensitive information by reading the retrieved file. | |||||
CVE-2010-1560 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462. | |||||
CVE-2008-7253 | 1 Ibm | 1 Lotus Domino Server | 2024-02-28 | 4.3 MEDIUM | N/A |
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. | |||||
CVE-2011-1220 | 1 Ibm | 1 Tivoli Management Framework | 2024-02-28 | 9.0 HIGH | N/A |
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field. | |||||
CVE-2011-1311 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 6.0 MEDIUM | N/A |
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service. | |||||
CVE-2009-4594 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH. | |||||
CVE-2010-0780 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a denial of service (disk consumption) via multiple connection attempts to a stopped queue manager. | |||||
CVE-2009-5060 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2024-02-28 | 3.5 LOW | N/A |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in a calendar, aka SPR MZHA7SEBJX. | |||||
CVE-2010-2636 | 1 Ibm | 1 Websphere Commerce | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
CVE-2011-1208 | 1 Ibm | 1 Soliddb | 2024-02-28 | 7.8 HIGH | N/A |
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite and (2) rpc_test_svc_done commands, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted command. | |||||
CVE-2010-3736 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. | |||||
CVE-2011-3576 | 1 Ibm | 1 Lotus Domino | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the PanelIcon parameter in an fmpgPanelHeader ReadForm action to WebAdmin.nsf. |