Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-5073 | 1 Ibm | 1 Tivoli Directory Server | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its parent entry. | |||||
CVE-2010-4589 | 1 Ibm | 1 Enovia | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property. | |||||
CVE-2010-2635 | 1 Ibm | 1 Websphere Commerce | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." | |||||
CVE-2010-1347 | 2 Ibm, Linux | 3 Aix, Director Agent, Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts. | |||||
CVE-2010-0927 | 1 Ibm | 1 Lotus Domino | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920. | |||||
CVE-2009-4439 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. | |||||
CVE-2011-1389 | 1 Ibm | 3 Rational License Key Server, Rational License Server, Telelogic License Server | 2024-02-28 | 10.0 HIGH | N/A |
Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-4135. | |||||
CVE-2010-3187 | 1 Ibm | 1 Aix | 2024-02-28 | 10.0 HIGH | N/A |
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command. | |||||
CVE-2011-3390 | 1 Ibm | 2 Informix, Openadmin Tool | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action. | |||||
CVE-2010-3758 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-02-28 | 10.0 HIGH | N/A |
Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_SendToLog (aka _SendToLog) function; the (2) group, (3) workgroup, or (4) domain name field to the USER_S_AddADGroup function; the (5) user_path variable to the FXCLI_checkIndexDBLocation function; or (6) the _AGI_S_ActivateLTScriptReply (aka ActivateLTScriptReply) function. NOTE: this might overlap CVE-2010-3059. | |||||
CVE-2010-3891 | 1 Ibm | 1 Omnifind | 2024-02-28 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action. | |||||
CVE-2011-4834 | 3 Hp, Ibm, Sun | 4 Application Lifestyle Management, Hp-ux, Aix and 1 more | 2024-02-28 | 4.6 MEDIUM | N/A |
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt. | |||||
CVE-2011-1322 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages. | |||||
CVE-2009-4357 | 1 Ibm | 2 Rational Clearcase, Rational Clearquest | 2024-02-28 | 5.0 MEDIUM | N/A |
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors. | |||||
CVE-2010-2090 | 2 Ibm, Microsoft | 3 Aix, Communications Server, Windows | 2024-02-28 | 5.0 MEDIUM | N/A |
The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. | |||||
CVE-2008-7274 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2) providing an empty password. | |||||
CVE-2006-7242 | 1 Ibm | 1 Filenet P8 Application Engine | 2024-02-28 | 4.0 MEDIUM | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2011-0916 | 1 Ibm | 1 Lotus Domino | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H. | |||||
CVE-2010-4605 | 2 Ibm, Linux | 2 Tivoli Storage Manager, Linux Kernel | 2024-02-28 | 6.6 MEDIUM | N/A |
Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 on Unix and Linux allows local users to overwrite arbitrary files via unknown vectors. | |||||
CVE-2011-4171 | 1 Ibm | 1 Websphere Ilog Rule Team Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the project parameter to teamserver/faces/home.jsp. |