| CVE-2015-4944 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX003, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.… |
| CVE-2015-4939 | medium | — | 4.3 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0… |
| CVE-2015-2031 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a cr… |
| CVE-2015-2030 | medium | — | 5.0 | | | ibm | 11y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2015-2029 | medium | — | 4.3 | | | ibm | 11y ago | Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. |
| CVE-2015-2028 | medium | — | 4.3 | | | ibm | 11y ago | CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting … |
| CVE-2015-2027 | low | — | 2.1 | | | ibm | 11y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an una… |
| CVE-2015-2026 | medium | — | 6.0 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote authenticated users to hijack the authentication of arbitrar… |
| CVE-2015-2025 | medium | — | 4.3 | | | ibm | 11y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to captur… |
| CVE-2015-1988 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Stor… |
| CVE-2015-1983 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-1969 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other… |
| CVE-2015-1934 | medium | — | 5.0 | | | ibm | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001… |
| CVE-2015-1933 | low | — | 2.1 | | | ibm | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001… |
| CVE-2015-4955 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 before 8.5.6.0 CF1 allows remote authenti… |
| CVE-2015-1888 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundatio… |
| CVE-2015-0195 | medium | — | 4.3 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject … |
| CVE-2015-0145 | medium | — | 6.8 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack … |
| CVE-2015-0144 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitra… |
| CVE-2015-0143 | medium | — | 4.0 | | | ibm | 11y ago | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. |
| CVE-2015-0142 | medium | — | 4.0 | | | ibm | 11y ago | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and… |
| CVE-2015-0141 | medium | — | 4.0 | | | ibm | 11y ago | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. |
| CVE-2014-8916 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitra… |
| CVE-2015-4980 | medium | — | 4.0 | | | ibm | 11y ago | Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. |
| CVE-2015-1943 | high | — | 7.8 | | | ibm | 11y ago | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial… |
| CVE-2015-2013 | medium | — | 5.0 | | | ibm | 11y ago | IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. |
| CVE-2015-2018 | low | — | 3.5 | | | ibm | 11y ago | IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authen… |
| CVE-2015-4950 | medium | — | 4.0 | | | ibm | 11y ago | The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; T… |
| CVE-2015-1992 | high | — | 7.2 | | | ibm | 11y ago | IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified … |
| CVE-2015-6557 | low | — | 2.1 | | | ibm | 11y ago | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: D… |
| CVE-2015-4949 | low | — | 2.1 | | | ibm | 11y ago | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, a… |
| CVE-2015-2015 | medium | — | 4.3 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a… |
| CVE-2015-2014 | medium | — | 5.8 | | | ibm | 11y ago | Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing att… |
| CVE-2015-4938 | medium | — | 5.0 | | | ibm | 11y ago | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vector… |
| CVE-2015-1932 | medium | — | 5.0 | | | ibm | 11y ago | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sens… |
| CVE-2015-4936 | medium | — | 5.0 | | | ibm | 11y ago | Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2015-1987 | high | — | 7.8 | | | ibm | 11y ago | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 an… |
| CVE-2015-1958 | high | — | 7.8 | | | ibm | 11y ago | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 an… |
| CVE-2015-1956 | high | — | 7.8 | | | ibm | 11y ago | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 an… |
| CVE-2015-1955 | high | — | 7.8 | | | ibm | 11y ago | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data. |
| CVE-2015-1904 | low | — | 3.5 | | | ibm | 11y ago | IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is ena… |
| CVE-2015-4945 | medium | — | 5.0 | | | ibm | 11y ago | Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a cr… |
| CVE-2015-1906 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 th… |
| CVE-2015-1905 | medium | — | 4.0 | | | ibm | 11y ago | The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated us… |
| CVE-2015-1984 | medium | — | 4.0 | | | ibm | 11y ago | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary pro… |
| CVE-2015-1982 | medium | — | 4.0 | | | ibm | 11y ago | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which … |
| CVE-2015-1980 | low | — | 3.5 | | | ibm | 11y ago | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. |
| CVE-2015-1979 | low | — | 3.5 | | | ibm | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted in… |
| CVE-2015-1968 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitra… |
| CVE-2015-1935 | high | — | 8.0 | | | ibm | 11y ago | The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service… |
| CVE-2015-1922 | low | — | 3.5 | | | ibm | 11y ago | The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended a… |
| CVE-2015-1883 | medium | — | 4.0 | | | ibm | 11y ago | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of … |
| CVE-2015-0157 | medium | — | 6.8 | | | ibm | 11y ago | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveragin… |
| CVE-2015-0130 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 4.x before 4.0.7 IF6 and 5.x before 5.0.2 IF5; Rational Qualit… |
| CVE-2014-8910 | medium | — | 4.0 | | | ibm | 11y ago | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT func… |
| CVE-2015-1946 | medium | — | 4.4 | | | ibm | 11y ago | IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user rol… |
| CVE-2015-1936 | medium | — | 6.0 | | | ibm | 11y ago | The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 before 8.5.5.6, when the Security feature is disabled, allows remote authenticated users to hijack s… |
| CVE-2015-1927 | medium | — | 6.8 | | | ibm | 11y ago | The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServ… |
| CVE-2015-1944 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted… |
| CVE-2015-1917 | medium | — | 4.3 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 be… |
| CVE-2015-1887 | medium | — | 5.0 | | | ibm | 11y ago | IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted r… |
| CVE-2015-1966 | medium | — | 4.3 | | | ibm | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for … |
| CVE-2015-1914 | medium | — | 5.0 | | | ibm | 11y ago | IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vec… |
| CVE-2015-1916 | high | 7.5 | 7.5 | | | ibm | 11y ago | Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. |
| CVE-2015-1967 | medium | — | 4.3 | | | ibm | 11y ago | MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network f… |
| CVE-2015-1951 | low | — | 2.1 | | | ibm | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attacke… |
| CVE-2015-1950 | medium | — | 4.6 | | | ibm | 11y ago | IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain Po… |
| CVE-2015-1965 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1964 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1963 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1962 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1954 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1953 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1948 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1941 | high | — | 7.8 | | | ibm | 11y ago | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port. |
| CVE-2015-1930 | high | — | 8.8 | EXP | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1929 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1925 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1924 | high | — | 7.8 | | | ibm | 11y ago | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a diffe… |
| CVE-2015-1923 | high | — | 7.8 | | | ibm | 11y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
| CVE-2015-1919 | medium | — | 4.3 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2015-1913 | medium | — | 5.0 | | | ibm | 11y ago | Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.… |
| CVE-2015-1900 | high | — | 7.2 | | linux-kernel | ibm | 11y ago | IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors. |
| CVE-2015-0196 | medium | — | 5.0 | | | ibm | 11y ago | CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response… |
| CVE-2015-0131 | low | — | 3.5 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before … |
| CVE-2015-0127 | low | — | 3.5 | | | ibm | 11y ago | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of … |
| CVE-2015-0126 | medium | — | 6.5 | | | ibm | 11y ago | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users … |
| CVE-2015-0118 | medium | — | 4.3 | | | ibm | 11y ago | IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, whi… |
| CVE-2015-0116 | low | — | 3.5 | | | ibm | 11y ago | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the add… |
| CVE-2015-0115 | medium | — | 6.0 | | | ibm | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 … |
| CVE-2015-2019 | low | — | 2.1 | | | ibm | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents … |
| CVE-2015-1978 | medium | — | 4.3 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before i… |
| CVE-2015-1974 | medium | — | 6.5 | | | ibm | 11y ago | The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows … |
| CVE-2015-1972 | medium | — | 4.3 | | | ibm | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sens… |
| CVE-2015-1959 | medium | — | 4.6 | | | ibm | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted f… |
| CVE-2015-1981 | low | — | 2.1 | | | ibm | 11y ago | Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbi… |
| CVE-2015-1901 | low | — | 1.9 | | | ibm | 11y ago | The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands. |
| CVE-2015-1884 | medium | — | 4.0 | | | ibm | 11y ago | Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (… |
| CVE-2015-0173 | medium | — | 4.3 | | | ibm | 11y ago | The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easie… |
| CVE-2015-0112 | medium | — | 4.0 | | | ibm | 11y ago | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3… |