| CVE-2010-4547 | low | — | 3.5 | | | ibm | 16y ago | IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, whic… |
| CVE-2010-3894 | critical | — | 10.0 | EXP | | ibm | 16y ago | Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Ent… |
| CVE-2010-4218 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet." |
| CVE-2010-4070 | critical | — | 10.0 | | | ibm | 16y ago | Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before… |
| CVE-2010-4053 | critical | — | 9.0 | | | ibm | 16y ago | Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users… |
| CVE-2010-3761 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka Z… |
| CVE-2010-3759 | critical | — | 10.0 | | | ibm | 16y ago | FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP … |
| CVE-2010-3758 | critical | — | 10.0 | | | ibm | 16y ago | Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to ex… |
| CVE-2010-3757 | critical | — | 10.0 | | | ibm | 16y ago | Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remot… |
| CVE-2010-3754 | critical | — | 10.0 | | | ibm | 16y ago | The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields… |
| CVE-2010-3737 | low | — | 3.5 | | | ibm | 16y ago | Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-d… |
| CVE-2010-3735 | low | — | 2.1 | | | ibm | 16y ago | The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certai… |
| CVE-2010-3732 | low | — | 3.5 | | | ibm | 16y ago | The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows fo… |
| CVE-2010-3731 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10,… |
| CVE-2009-4998 | low | — | 2.6 | | | ibm | 16y ago | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a secu… |
| CVE-2008-7261 | low | — | 2.1 | | | ibm | 16y ago | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local u… |
| CVE-2010-3407 | critical | — | 10.0 | EXP | | ibm | 16y ago | Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows rem… |
| CVE-2010-3398 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. |
| CVE-2010-0155 | low | — | 3.5 | | | ibm | 16y ago | CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticat… |
| CVE-2010-3196 | low | — | 3.5 | | | ibm | 16y ago | IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. |
| CVE-2010-3193 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. |
| CVE-2010-3186 | critical | — | 10.0 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not proper… |
| CVE-2010-2771 | critical | — | 10.0 | | | ibm | 16y ago | solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. |
| CVE-2010-1039 | critical | — | 10.0 | EXP | | hp, ibm | 16y ago | Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, an… |
| CVE-2010-0777 | low | — | 2.6 | | | ibm | 16y ago | The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorre… |
| CVE-2010-1651 | low | — | 1.9 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of al… |
| CVE-2010-1650 | low | — | 1.9 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements t… |
| CVE-2010-1608 | critical | — | 10.0 | | | ibm | 16y ago | Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln … |
| CVE-2010-1490 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors. |
| CVE-2010-1487 | low | — | 2.1 | | | ibm | 16y ago | IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. |
| CVE-2010-0769 | low | — | 1.9 | | | ibm | 16y ago | IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local use… |
| CVE-2010-1041 | critical | — | 10.0 | | | ibm | 16y ago | Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Con… |
| CVE-2009-3032 | critical | — | 10.0 | | | ibm, symantec | 17y ago | Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and o… |
| CVE-2009-2754 | critical | — | 10.0 | EXP | | ibm, emc | 17y ago | Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.… |
| CVE-2009-2753 | critical | — | 10.0 | EXP | | ibm | 17y ago | Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10… |
| CVE-2010-0918 | critical | — | 10.0 | | | ibm | 17y ago | Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. |
| CVE-2009-2752 | low | — | 1.5 | | | ibm | 17y ago | IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. |