| CVE-2011-3575 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName paramete… |
| CVE-2011-3391 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to re… |
| CVE-2011-3390 |
medium |
— |
5.3 |
EXP |
|
ibm |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informi… |
| CVE-2011-1359 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
Directory traversal vulnerability in the administration console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41, 7.0 before 7.0.0.19, and 8.0 before 8.0.0.1 allows remote attackers to r… |
| CVE-2011-3387 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a clas… |
| CVE-2011-0311 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of se… |
| CVE-2011-3140 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same pa… |
| CVE-2011-3138 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 re… |
| CVE-2011-3137 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6… |
| CVE-2011-3136 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6… |
| CVE-2011-3135 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has … |
| CVE-2009-5085 |
low |
— |
2.6 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-par… |
| CVE-2009-5084 |
low |
— |
1.9 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a passwor… |
| CVE-2009-5083 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID relying party, does not perform the expected login rejection upon receiving an OP-Identifier from an Op… |
| CVE-2008-7299 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Iss… |
| CVE-2011-1357 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows… |
| CVE-2011-3124 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
15y ago |
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which al… |
| CVE-2011-3123 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
15y ago |
IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows … |
| CVE-2011-2893 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value refe… |
| CVE-2011-2888 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation. |
| CVE-2011-2887 |
medium |
— |
4.3 |
|
linux-kernel |
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document. |
| CVE-2011-2886 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets. |
| CVE-2011-2885 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar. |
| CVE-2011-2884 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues." |
| CVE-2011-1356 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. |
| CVE-2011-1355 |
medium |
— |
5.8 |
|
|
ibm |
15y ago |
Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing… |
| CVE-2010-3271 |
medium |
— |
7.8 |
EXP |
|
ibm |
15y ago |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote… |
| CVE-2011-2759 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication field… |
| CVE-2011-2758 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not require authentication for access to LDAP Server log files, which allows remo… |
| CVE-2011-2754 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page Builder) theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager (WCM) and other products, al… |
| CVE-2011-1223 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.… |
| CVE-2011-1222 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2… |
| CVE-2011-1224 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner… |
| CVE-2011-2682 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The Login component in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote authenticated users to cause a denial of service (license consumption) by trying to login to DOORS Web Access w… |
| CVE-2011-2681 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly handle exceptions, which has unspecified impact and remote attack vectors. |
| CVE-2011-2680 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 has unknown impact and remote attack vectors related to the "server error response." |
| CVE-2011-2679 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2011-2607 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513. |
| CVE-2011-2606 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Ite… |
| CVE-2011-2330 |
critical |
— |
9.0 |
|
|
ibm |
15y ago |
Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send … |
| CVE-2011-1220 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts … |
| CVE-2011-1512 |
critical |
— |
9.3 |
|
|
autonomyibm |
15y ago |
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel… |
| CVE-2011-1218 |
critical |
— |
9.3 |
|
|
autonomyibm |
15y ago |
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. N… |
| CVE-2011-1217 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these… |
| CVE-2011-1216 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadshe… |
| CVE-2011-1215 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office d… |
| CVE-2011-1214 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, a… |
| CVE-2011-1213 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that trigg… |
| CVE-2011-2173 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The implementation of OutputMediator objects in IBM WebSphere Portal 6.0.1.7, and 7.0.0.1 before CF002, allows remote authenticated users to cause a denial of service (memory consumption) via request… |
| CVE-2011-2172 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2010-4807 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a St… |
| CVE-2010-4806 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain r… |
| CVE-2011-1424 |
low |
— |
3.5 |
|
|
emcmicrosoftibm |
15y ago |
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the t… |
| CVE-2011-2163 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors. |
| CVE-2011-2144 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The eDocument Conversion Actions implementation in IBM Datacap Taskmaster Capture 8.0.1 FP1 and earlier allows remote attackers to cause a denial of service (batch abort) via a long subject line in a… |
| CVE-2011-2143 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account n… |
| CVE-2011-2142 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before FP1 requires a cleartext password, which has unspecified impact and attack vectors. |
| CVE-2011-2141 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-1208 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite an… |
| CVE-2011-1207 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properl… |
| CVE-2011-1209 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext dat… |
| CVE-2011-1847 |
medium |
— |
4.9 |
|
|
ibm |
15y ago |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABL… |
| CVE-2011-1846 |
medium |
— |
6.5 |
|
|
ibm |
15y ago |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by le… |
| CVE-2011-1839 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Rational Build Forge 7.1.0 uses the HTTP GET method during redirection from the authentication servlet to a PHP script, which makes it easier for context-dependent attackers to discover session I… |
| CVE-2011-1822 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitiv… |
| CVE-2011-1821 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 on Windows allows remote authenticated users to cause a denial of service (daemon hang) via a cn=changelog search. |
| CVE-2011-1820 |
low |
— |
1.7 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.… |
| CVE-2011-1206 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
Stack-based buffer overflow in the server process in ibmslapd.exe in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 befor… |
| CVE-2010-4789 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0… |
| CVE-2010-4788 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial o… |
| CVE-2010-4787 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon hang) via a paged search that triggers impro… |
| CVE-2010-4786 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka 6.0.0.8-TIV-ITDS-IF0005) allows remote authenticated users to cause a denial of service (daemon crash or hang) via a paged search, as demons… |
| CVE-2010-4785 |
medium |
— |
4.0 |
|
linux-kernel |
ibm |
15y ago |
The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) on Linux, Solaris, and Windows allows remote authenticated users to cause… |
| CVE-2009-5073 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested g… |
| CVE-2009-5072 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Memory leak in the ldap_explode_dn function in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.61 (aka 6.0.0.8-TIV-ITDS-IF0003) allows remote authenticated users to cause a denial of service (memo… |
| CVE-2008-7290 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Memory leak in the ldap_explode_rdn API function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allows remote authenticated users to cause a denial of service (memory consump… |
| CVE-2008-7289 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 does not properly handle the simultaneous changing of multiple passwords, which makes it easier for remote authenticated users to … |
| CVE-2008-7288 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operati… |
| CVE-2008-7287 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cau… |
| CVE-2007-6743 |
medium |
— |
4.0 |
|
|
ibm |
15y ago |
Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that tri… |
| CVE-2007-6742 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to c… |
| CVE-2011-1683 |
medium |
— |
6.8 |
|
|
ibm |
15y ago |
IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is use… |
| CVE-2011-1560 |
critical |
— |
9.3 |
|
|
ibm |
15y ago |
solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attack… |
| CVE-2011-1559 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 has unknown impact and attack vectors. |
| CVE-2011-1558 |
medium |
— |
4.3 |
|
|
ibm |
15y ago |
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspe… |
| CVE-2011-1205 |
medium |
— |
6.9 |
|
|
ibm |
15y ago |
Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other … |
| CVE-2011-1520 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative ch… |
| CVE-2011-1519 |
critical |
— |
10.0 |
EXP |
|
ibm |
15y ago |
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers … |
| CVE-2011-1505 |
critical |
— |
10.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 services for Lotus Domino has unknown impact and attack vectors, aka SPR ESEO8DQME2. |
| CVE-2009-5062 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. |
| CVE-2009-5061 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of … |
| CVE-2009-5060 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in… |
| CVE-2009-5059 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a docume… |
| CVE-2009-5058 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is ac… |
| CVE-2008-7286 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) vi… |
| CVE-2008-7285 |
medium |
— |
5.0 |
|
|
ibm |
15y ago |
Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon c… |
| CVE-2008-7284 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8. |
| CVE-2011-1343 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." |
| CVE-2011-1322 |
medium |
— |
5.0 |
|
|
ibm |
16y ago |
The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote atta… |
| CVE-2011-1321 |
medium |
— |
6.5 |
|
|
ibm |
16y ago |
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredentia… |
