| CVE-2011-1223 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.… |
| CVE-2011-1222 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
Buffer overflow in the Journal Based Backup (JBB) feature in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2… |
| CVE-2011-2141 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-1208 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite an… |
| CVE-2011-1520 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative ch… |
| CVE-2011-1343 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." |
| CVE-2011-1309 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. |
| CVE-2011-0731 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrar… |
| CVE-2010-4606 |
high |
— |
7.5 |
|
linux-kernel |
ibm |
16y ago |
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x bef… |
| CVE-2010-4604 |
high |
— |
8.2 |
EXP |
linux-kernel |
ibm |
16y ago |
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.… |
| CVE-2010-3896 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request t… |
| CVE-2010-3895 |
high |
— |
8.2 |
EXP |
|
ibm |
16y ago |
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. |
| CVE-2010-3893 |
high |
— |
8.5 |
EXP |
|
ibm |
16y ago |
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbit… |
| CVE-2010-4121 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read datab… |
| CVE-2010-4069 |
high |
— |
8.5 |
|
|
ibm |
16y ago |
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenti… |
| CVE-2010-3760 |
high |
— |
7.8 |
|
|
ibm |
16y ago |
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, … |
| CVE-2010-3733 |
high |
— |
7.2 |
|
|
ibm |
16y ago |
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. |
| CVE-2010-3194 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files own… |
| CVE-2010-3059 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and… |
| CVE-2010-3058 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and exec… |
| CVE-2010-2518 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (C… |
| CVE-2010-2517 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. |
| CVE-2010-1632 |
high |
— |
7.5 |
|
|
ibmapache |
16y ago |
Improper Input Validation in Apache Axis2 |
| CVE-2010-2324 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. |
| CVE-2010-2279 |
high |
— |
7.6 |
|
|
ibm |
16y ago |
The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote atta… |
| CVE-2010-1348 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. |
| CVE-2010-1347 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
16y ago |
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users … |
| CVE-2010-1243 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors. |
| CVE-2010-1182 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. |
| CVE-2010-0961 |
high |
— |
7.2 |
|
|
ibm |
17y ago |
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0960 |
high |
— |
7.2 |
|
|
ibm |
17y ago |
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0919 |
high |
— |
7.6 |
|
|
ibm |
17y ago |
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP… |
| CVE-2010-0557 |
high |
— |
8.5 |
EXP |
|
ibm |
17y ago |
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. |
