| CVE-2011-1558 | medium | — | 4.3 | | | ibm | 15y ago | Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2011-1205 | medium | — | 6.9 | | | ibm | 15y ago | Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other … |
| CVE-2008-7285 | medium | — | 5.0 | | | ibm | 15y ago | Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon c… |
| CVE-2011-1322 | medium | — | 5.0 | | | ibm | 16y ago | The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote atta… |
| CVE-2011-1321 | medium | — | 6.5 | | | ibm | 16y ago | The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredentia… |
| CVE-2011-1320 | medium | — | 6.8 | | | ibm | 16y ago | The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when the Tivoli Integrated Portal / embedded WebSphere Application Server (TIP/eWAS) … |
| CVE-2011-1319 | medium | — | 4.0 | | | ibm | 16y ago | The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by… |
| CVE-2011-1318 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a de… |
| CVE-2011-1317 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the JavaServer Pages (JSP) component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remo… |
| CVE-2011-1316 | medium | — | 5.0 | | | ibm | 16y ago | The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thre… |
| CVE-2011-1315 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associa… |
| CVE-2011-1314 | medium | — | 5.0 | | | ibm | 16y ago | The Service Integration Bus (SIB) messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (daemon hang) by performing close ope… |
| CVE-2011-1313 | medium | — | 5.0 | | | ibm | 16y ago | Double free vulnerability in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote backend IIOP servers to cause a denial of service (S0C4 ABEND and sto… |
| CVE-2011-1312 | medium | — | 4.0 | | | ibm | 16y ago | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows rem… |
| CVE-2011-1311 | medium | — | 6.0 | | | ibm | 16y ago | The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml… |
| CVE-2011-1308 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Installation Verification Test (IVT) application in the Install component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attac… |
| CVE-2011-1106 | medium | — | 5.3 | EXP | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server in IBM Lotus Sametime allows remote attackers to inject arbitrary web script or HTML via the authReasonCode parameter in an Open… |
| CVE-2011-1038 | medium | — | 5.3 | EXP | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString par… |
| CVE-2011-1046 | medium | — | 5.0 | | | ibm | 16y ago | IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access ro… |
| CVE-2011-1045 | medium | — | 6.8 | | | ibm | 16y ago | Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. |
| CVE-2011-1034 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the UI in IBM Rational Build Forge 7.0.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter to the fullcontrol program. … |
| CVE-2011-1032 | medium | — | 6.8 | | | ibm | 16y ago | IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. |
| CVE-2008-7274 | medium | — | 4.3 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login functionality is enabled, allows attackers to perform an internal application hashtable login by (1) not providing a password or (2… |
| CVE-2011-1030 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Pag… |
| CVE-2011-0757 | medium | — | 6.5 | | | ibm | 16y ago | IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL state… |
| CVE-2011-0679 | medium | — | 5.0 | | | ibm | 16y ago | IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web Content Management (WCM) and IBM Lotus Quickr for WebSphere Portal, allows remote attackers to obtain sensitive information via … |
| CVE-2011-0494 | medium | — | 5.0 | | | ibm | 16y ago | Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 5.1 before 5.1.0.39-TIV-AWS-IF0040, 6.0 before 6.0.0.25-TIV-AWS-IF0026, 6.1.0 before 6.1.0.5-TIV-AWS-IF0006, a… |
| CVE-2011-0486 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 Business Intelligence (BI) 8.4.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via the pathinfo para… |
| CVE-2011-0310 | medium | — | 6.8 | | | ibm | 16y ago | Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted header field in a message. |
| CVE-2011-0316 | medium | — | 5.0 | | | ibm | 16y ago | The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote a… |
| CVE-2011-0315 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web Container component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 allows remote attackers … |
| CVE-2011-0314 | medium | — | 6.5 | | | ibm | 16y ago | Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 allows remote authenticated users to execute arbitrary code or cause a denial of service (queue manager crash… |
| CVE-2010-4623 | medium | — | 4.0 | | | ibm | 16y ago | WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actio… |
| CVE-2010-4622 | medium | — | 5.0 | | | ibm | 16y ago | Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 on AIX allows remote attackers to read arbitrary files via a %uff0e%uff0e (e… |
| CVE-2010-4605 | medium | — | 6.6 | | linux-kernel | ibm | 16y ago | Unspecified vulnerability in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.6.10, 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x before 6.1.4, and 6.2.x before 6.2.2 … |
| CVE-2010-4603 | medium | — | 6.5 | | | ibm | 16y ago | IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to in… |
| CVE-2010-4602 | medium | — | 4.0 | | | ibm | 16y ago | The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via … |
| CVE-2010-4600 | medium | — | 5.0 | | | dojofoundation, ibm | 16y ago | Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to … |
| CVE-2010-4595 | medium | — | 5.0 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass … |
| CVE-2010-4594 | medium | — | 4.3 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to ca… |
| CVE-2010-4593 | medium | — | 4.0 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address … |
| CVE-2010-4592 | medium | — | 4.3 | | | ibm | 16y ago | The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attemp… |
| CVE-2010-4591 | medium | — | 4.4 | | | ibm | 16y ago | The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, whic… |
| CVE-2010-4590 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web scr… |
| CVE-2010-4589 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property. |
| CVE-2010-2644 | medium | — | 5.0 | | | ibm | 16y ago | IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 does not properly implement access control, which allows remote attackers to perform governance actions via unspecified API reque… |
| CVE-2010-4553 | medium | — | 5.0 | | | ibm | 16y ago | An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vec… |
| CVE-2010-4552 | medium | — | 5.0 | | | ibm | 16y ago | Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages … |
| CVE-2010-4551 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person docu… |
| CVE-2010-4550 | medium | — | 5.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. |
| CVE-2010-4549 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended… |
| CVE-2010-4546 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended … |
| CVE-2010-4545 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. |
| CVE-2010-4544 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-5036 | medium | — | 4.0 | | | ibm | 16y ago | traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. |
| CVE-2009-5035 | medium | — | 4.3 | | | ibm | 16y ago | The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communicatio… |
| CVE-2009-5034 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch o… |
| CVE-2009-5033 | medium | — | 4.0 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data vi… |
| CVE-2009-5032 | medium | — | 5.8 | | | ibm | 16y ago | The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attacke… |
| CVE-2010-2639 | medium | — | 5.0 | | | ibm | 16y ago | IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTim… |
| CVE-2010-4274 | medium | — | 4.4 | | | ibm | 16y ago | reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. |
| CVE-2010-2638 | medium | — | 4.0 | | | ibm | 16y ago | Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Pro… |
| CVE-2010-4236 | medium | — | 7.9 | EXP | | ibm | 16y ago | Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PAT… |
| CVE-2010-3899 | medium | — | 6.0 | EXP | | ibm | 16y ago | IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of… |
| CVE-2010-3898 | medium | — | 5.0 | | | ibm | 16y ago | IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveragin… |
| CVE-2010-3897 | medium | — | 5.0 | | | ibm | 16y ago | ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x and 9.x includes the administrator password in the HTML source code, which might allow remote attackers to obtain sensitive infor… |
| CVE-2010-3892 | medium | — | 6.8 | | | ibm | 16y ago | Session fixation vulnerability in the login form in the administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x allows remote attackers to hijack web sessions by replaying a session ID… |
| CVE-2010-3891 | medium | — | 7.8 | EXP | | ibm | 16y ago | Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authenticatio… |
| CVE-2010-3890 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to inject arbitrary web script or HTML via the command parameter to the administration i… |
| CVE-2010-2637 | medium | — | 4.3 | | | ibm | 16y ago | IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not encrypt the username and password in the security parameters field, which allows remote attackers to obtain sensitive information b… |
| CVE-2010-4220 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attacke… |
| CVE-2010-4219 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some o… |
| CVE-2010-4217 | medium | — | 5.0 | | | ibm | 16y ago | Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a … |
| CVE-2010-4216 | medium | — | 5.0 | | | ibm | 16y ago | IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial … |
| CVE-2010-2636 | medium | — | 4.3 | | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| CVE-2010-2635 | medium | — | 6.5 | | | ibm | 16y ago | SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admi… |
| CVE-2010-0786 | medium | — | 5.0 | | | ibm | 16y ago | The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attac… |
| CVE-2010-0785 | medium | — | 6.0 | | | ibm | 16y ago | Cross-site request forgery (CSRF) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to hijack t… |
| CVE-2010-0784 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via… |
| CVE-2010-0783 | medium | — | 4.3 | | | ibm | 16y ago | Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrar… |
| CVE-2010-3700 | medium | — | 5.0 | | | acegisecurity, vmware, ibm | 16y ago | Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security |
| CVE-2010-4120 | medium | — | 5.3 | EXP | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web scr… |
| CVE-2010-4094 | medium | — | 6.0 | EXP | | ibm | 16y ago | The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by l… |
| CVE-2010-4057 | medium | — | 6.0 | EXP | | ibm | 16y ago | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, whic… |
| CVE-2010-4056 | medium | — | 6.0 | EXP | | ibm | 16y ago | solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attacke… |
| CVE-2010-4055 | medium | — | 6.0 | EXP | | ibm | 16y ago | Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 13… |
| CVE-2010-0782 | medium | — | 4.3 | | | ibm | 16y ago | IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguishe… |
| CVE-2010-3756 | medium | — | 5.0 | | | ibm | 16y ago | The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate a… |
| CVE-2010-3755 | medium | — | 5.0 | | | ibm | 16y ago | The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause … |
| CVE-2010-3740 | medium | — | 4.0 | | | ibm | 16y ago | The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users… |
| CVE-2010-3739 | medium | — | 6.4 | | | ibm | 16y ago | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances i… |
| CVE-2010-3738 | medium | — | 5.0 | | | ibm | 16y ago | The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value correspondin… |
| CVE-2010-3736 | medium | — | 4.0 | | | ibm | 16y ago | Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap… |
| CVE-2010-3734 | medium | — | 5.0 | | | ibm | 16y ago | The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-forc… |
| CVE-2010-0781 | medium | — | 4.0 | | | ibm | 16y ago | Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) … |
| CVE-2010-3475 | medium | — | 4.0 | | | ibm | 16y ago | IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictio… |
| CVE-2010-3474 | medium | — | 5.0 | | | ibm | 16y ago | IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypas… |
| CVE-2010-3473 | medium | — | 5.8 | | | ibm | 16y ago | Open redirect vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allows remote attackers to redirect users to arbitrary web sites and… |
| CVE-2010-3472 | medium | — | 4.3 | | | ibm | 16y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary w… |
| CVE-2010-3471 | medium | — | 4.3 | | | ibm | 16y ago | Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via uns… |