Filtered by vendor Ibm
Subscribe
Total
7127 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3894 | 1 Ibm | 1 Omnifind | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password. | |||||
CVE-2011-1384 | 1 Ibm | 2 Aix, Invscout.rte | 2024-02-28 | 4.0 MEDIUM | N/A |
The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd programs in invscout.rte before 2.2.0.19 on IBM AIX 7.1, 6.1, 5.3, and earlier allow local users to delete arbitrary files, or trigger inventory scout operations on arbitrary files, via a symlink attack on an unspecified file. | |||||
CVE-2010-1490 | 1 Ibm | 1 Cognos 8 Business Intelligence | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors. | |||||
CVE-2010-0783 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2010-3196 | 1 Ibm | 1 Db2 | 2024-02-28 | 3.5 LOW | N/A |
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | |||||
CVE-2010-0961 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. | |||||
CVE-2010-3893 | 1 Ibm | 1 Omnifind | 2024-02-28 | 7.5 HIGH | N/A |
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. | |||||
CVE-2010-4094 | 1 Ibm | 2 Rational Quality Manager, Rational Test Lab Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548. | |||||
CVE-2011-1558 | 1 Ibm | 1 Webi | 2024-02-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242. | |||||
CVE-2010-4594 | 1 Ibm | 1 Lotus Mobile Connect | 2024-02-28 | 4.3 MEDIUM | N/A |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue. | |||||
CVE-2011-1216 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 9.3 HIGH | N/A |
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7. | |||||
CVE-2011-1367 | 1 Ibm | 1 Rational Appscan | 2024-02-28 | 9.3 HIGH | N/A |
Unspecified vulnerability in the File Load feature in IBM Rational AppScan Standard and Express 7.8.x, 7.9.x, and 8.0.x before 8.0.0.3 allows remote attackers to execute arbitrary commands via a crafted .scan file. | |||||
CVE-2011-1206 | 1 Ibm | 1 Tivoli Directory Server | 2024-02-28 | 10.0 HIGH | N/A |
Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.2.0.3-TIV-ITDS-IF0002), and 6.3 before 6.3.0.3 (aka 6.3.0.0-TIV-ITDS-IF0003) allows remote attackers to execute arbitrary code via a crafted LDAP request. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-4602 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 4.0 MEDIUM | N/A |
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark. | |||||
CVE-2011-0311 | 1 Ibm | 2 Java, Runtimes For Java Technology | 2024-02-28 | 3.5 LOW | N/A |
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read. | |||||
CVE-2010-3398 | 1 Ibm | 1 Lotus Sametime | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. | |||||
CVE-2010-4236 | 1 Ibm | 1 Omnifind | 2024-02-28 | 6.9 MEDIUM | N/A |
Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. | |||||
CVE-2010-2280 | 1 Ibm | 1 Lotus Connections | 2024-02-28 | 4.3 MEDIUM | N/A |
Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH. | |||||
CVE-2010-1651 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2024-02-28 | 1.9 LOW | N/A |
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of all inbound and outbound SIP messages, which allows local users to obtain sensitive information by reading the trace log. | |||||
CVE-2010-0274 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2024-02-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Edit Contact scene in Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 has unknown impact and attack vectors, aka SPR LSHR7TBLY5. |