| CVE-2017-1130 | medium | 6.5 | 7.5 | EXP | | ibm | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and h… |
| CVE-2017-1129 | medium | 6.5 | 7.5 | EXP | | ibm | 9y ago | IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 1213… |
| CVE-2017-1297 | high | 7.3 | 8.3 | EXP | linux-kernel | ibm | 9y ago | IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a loca… |
| CVE-2017-1274 | high | 8.8 | 9.8 | EXP | | ibm | 9y ago | IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Fo… |
| CVE-2015-0107 | medium | 6.5 | 7.5 | EXP | | ibm | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… |
| CVE-2015-0104 | high | 8.8 | 9.8 | EXP | | ibm | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… |
| CVE-2016-8972 | high | 7.8 | 8.8 | EXP | | ibm | 9y ago | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. |
| CVE-2016-6079 | high | 7.8 | 8.8 | EXP | | ibm | 9y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… |
| CVE-2016-0400 | medium | 6.1 | 7.1 | EXP | | ibm | 10y ago | CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP hea… |
| CVE-2015-7422 | medium | 5.5 | 6.5 | EXP | | ibm | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2015-2023 | high | 8.8 | 9.8 | EXP | | ibm | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. |
| CVE-2015-1930 | high | — | 8.8 | EXP | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-0179 | high | — | 8.2 | EXP | | ibm | 11y ago | Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. |
| CVE-2014-6137 | medium | — | 5.3 | EXP | | ibm | 12y ago | Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified… |
| CVE-2014-8904 | high | — | 8.2 | EXP | | ibm | 12y ago | lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. |
| CVE-2013-5467 | high | — | 8.2 | EXP | linux-kernel | ibm | 12y ago | Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 throug… |
| CVE-2014-0871 | medium | — | 5.3 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-p… |
| CVE-2014-0870 | medium | — | 5.3 | EXP | | ibm | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrar… |
| CVE-2014-0869 | medium | — | 5.3 | EXP | | ibm | 12y ago | The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to ob… |
| CVE-2014-0868 | medium | — | 5.9 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… |
| CVE-2014-0867 | medium | — | 6.8 | EXP | | ibm | 12y ago | rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query s… |
| CVE-2014-0866 | medium | — | 5.3 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive informa… |
| CVE-2014-0865 | medium | — | 5.9 | EXP | | ibm | 12y ago | RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intend… |
| CVE-2014-0864 | medium | — | 7.8 | EXP | | ibm | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers… |
| CVE-2014-3977 | medium | — | 7.9 | EXP | | ibm | 12y ago | libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix… |
| CVE-2013-3982 | medium | — | 6.0 | EXP | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to obtain unspecified installation information and technical data via a request to a public page. |
| CVE-2013-3977 | medium | — | 5.3 | EXP | | ibm | 12y ago | The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to determine which meeting rooms are owned by a user by leveraging knowledge of valid user names. |
| CVE-2013-3975 | medium | — | 6.0 | EXP | | ibm | 12y ago | Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a sear… |
| CVE-2013-6720 | medium | — | 6.5 | EXP | | ibm | 12y ago | Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authent… |
| CVE-2013-6719 | medium | — | 7.0 | EXP | | ibm | 12y ago | delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary com… |
| CVE-2013-5447 | medium | — | 7.8 | EXP | | ibm | 13y ago | Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and 8.x before 8.0.1.1 allows remote attackers to execute arbitrary code via an XFDL form with a long fontname value. |
| CVE-2013-4034 | medium | — | 5.0 | EXP | | ibm | 13y ago | IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitr… |
| CVE-2013-3986 | medium | — | 5.3 | EXP | | ibm | 13y ago | IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session. |
| CVE-2012-0744 | medium | — | 6.0 | EXP | | ibm | 14y ago | IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcou… |
| CVE-2012-3294 | medium | — | 7.8 | EXP | | ibm | 14y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier, and WebSphere MQ - Managed File Transfer 7.5, allo… |
| CVE-2012-2955 | medium | — | 5.3 | EXP | | ibm | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security … |
| CVE-2012-2172 | medium | — | 5.3 | EXP | | ibm | 14y ago | Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote atta… |
| CVE-2012-2171 | medium | — | 7.5 | EXP | | ibm | 14y ago | SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to e… |
| CVE-2012-0200 | medium | — | 5.0 | EXP | | ibm | 15y ago | The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT state… |
| CVE-2011-3390 | medium | — | 5.3 | EXP | | ibm | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informi… |
| CVE-2010-3271 | medium | — | 7.8 | EXP | | ibm | 15y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote… |
| CVE-2011-1106 | medium | — | 5.3 | EXP | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an Open… |
| CVE-2011-1038 | medium | — | 5.3 | EXP | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString par… |
| CVE-2010-4604 | high | — | 8.2 | EXP | linux-kernel | ibm | 16y ago | Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.… |
| CVE-2010-4236 | medium | — | 7.9 | EXP | | ibm | 16y ago | Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PAT… |
| CVE-2010-3899 | medium | — | 6.0 | EXP | | ibm | 16y ago | IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of… |
| CVE-2010-3895 | high | — | 8.2 | EXP | | ibm | 16y ago | esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. |
| CVE-2010-3893 | high | — | 8.5 | EXP | | ibm | 16y ago | The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbit… |
| CVE-2010-3891 | medium | — | 7.8 | EXP | | ibm | 16y ago | Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authenticatio… |
| CVE-2010-4120 | medium | — | 5.3 | EXP | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web scr… |
| CVE-2010-4094 | medium | — | 6.0 | EXP | | ibm | 16y ago | The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by l… |
| CVE-2010-4057 | medium | — | 6.0 | EXP | | ibm | 16y ago | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, whic… |
| CVE-2010-4056 | medium | — | 6.0 | EXP | | ibm | 16y ago | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attacke… |
| CVE-2010-4055 | medium | — | 6.0 | EXP | | ibm | 16y ago | Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 13… |
| CVE-2010-2433 | medium | — | 5.3 | EXP | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) e… |
| CVE-2010-0714 | medium | — | 5.3 | EXP | | ibm | 17y ago | Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 … |
| CVE-2010-0557 | high | — | 8.5 | EXP | | ibm | 17y ago | IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. |
| CVE-2010-0462 | medium | — | 7.5 | EXP | | ibm | 17y ago | Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column … |