| CVE-2010-4606 | high | — | 7.5 | | linux-kernel | ibm | 16y ago | Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x bef… |
| CVE-2010-4604 | high | — | 8.2 | EXP | linux-kernel | ibm | 16y ago | Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.… |
| CVE-2010-4601 | critical | — | 10.0 | | | ibm | 16y ago | Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related… |
| CVE-2010-3896 | high | — | 7.5 | | | ibm | 16y ago | The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request t… |
| CVE-2010-3895 | high | — | 8.2 | EXP | | ibm | 16y ago | esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. |
| CVE-2010-3894 | critical | — | 10.0 | EXP | | ibm | 16y ago | Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Ent… |
| CVE-2010-3893 | high | — | 8.5 | EXP | | ibm | 16y ago | The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbit… |
| CVE-2010-4218 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet." |
| CVE-2010-4121 | high | — | 7.5 | | | ibm | 16y ago | The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read datab… |
| CVE-2010-4070 | critical | — | 10.0 | | | ibm | 16y ago | Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before… |
| CVE-2010-4069 | high | — | 8.5 | | | ibm | 16y ago | Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenti… |
| CVE-2010-4053 | critical | — | 9.0 | | | ibm | 16y ago | Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users… |
| CVE-2010-3761 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka Z… |
| CVE-2010-3760 | high | — | 7.8 | | | ibm | 16y ago | FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, … |
| CVE-2010-3759 | critical | — | 10.0 | | | ibm | 16y ago | FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP … |
| CVE-2010-3758 | critical | — | 10.0 | | | ibm | 16y ago | Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to ex… |
| CVE-2010-3757 | critical | — | 10.0 | | | ibm | 16y ago | Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remot… |
| CVE-2010-3754 | critical | — | 10.0 | | | ibm | 16y ago | The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields… |
| CVE-2010-3733 | high | — | 7.2 | | | ibm | 16y ago | The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. |
| CVE-2010-3731 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10,… |
| CVE-2010-3407 | critical | — | 10.0 | EXP | | ibm | 16y ago | Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows rem… |
| CVE-2010-3398 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. |
| CVE-2010-3194 | high | — | 7.5 | | | ibm | 16y ago | The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files own… |
| CVE-2010-3193 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. |
| CVE-2010-3186 | critical | — | 10.0 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not proper… |
| CVE-2010-3059 | high | — | 7.5 | | | ibm | 16y ago | Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and… |
| CVE-2010-3058 | high | — | 7.5 | | | ibm | 16y ago | The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and exec… |
| CVE-2010-2771 | critical | — | 10.0 | | | ibm | 16y ago | solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. |
| CVE-2010-2518 | high | — | 7.5 | | | ibm | 16y ago | Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (C… |
| CVE-2010-2517 | high | — | 7.5 | | | ibm | 16y ago | Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. |
| CVE-2010-1632 | high | — | 7.5 | | | ibm, apache | 16y ago | Improper Input Validation in Apache Axis2 |
| CVE-2010-2324 | high | — | 7.5 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. |
| CVE-2010-2279 | high | — | 7.6 | | | ibm | 16y ago | The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote atta… |
| CVE-2010-1039 | critical | — | 10.0 | EXP | | hp, ibm | 16y ago | Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, an… |
| CVE-2010-1608 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln … |
| CVE-2010-1490 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors. |
| CVE-2010-1348 | high | — | 7.5 | | | ibm | 16y ago | Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. |
| CVE-2010-1347 | high | — | 7.2 | | linux-kernel | ibm | 16y ago | Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users … |
| CVE-2010-1243 | high | — | 7.5 | | | ibm | 16y ago | The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors. |
| CVE-2010-1182 | high | — | 7.5 | | | ibm | 16y ago | Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. |
| CVE-2010-1041 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Con… |
| CVE-2010-0961 | high | — | 7.2 | | | ibm | 17y ago | Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0960 | high | — | 7.2 | | | ibm | 17y ago | Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2009-3032 | critical | — | 10.0 | | | ibm, symantec | 17y ago | Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and o… |
| CVE-2009-2754 | critical | — | 10.0 | EXP | | ibm, emc | 17y ago | Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.… |
| CVE-2009-2753 | critical | — | 10.0 | EXP | | ibm | 17y ago | Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10… |
| CVE-2010-0919 | high | — | 7.6 | | | ibm | 17y ago | Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP… |
| CVE-2010-0918 | critical | — | 10.0 | | | ibm | 17y ago | Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. |
| CVE-2010-0557 | high | — | 8.5 | EXP | | ibm | 17y ago | IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. |