| CVE-2011-1424 |
low |
— |
3.5 |
|
|
emcmicrosoftibm |
15y ago |
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the t… |
| CVE-2011-2141 |
high |
— |
7.5 |
|
|
ibm |
15y ago |
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-1208 |
high |
— |
7.8 |
|
|
ibm |
15y ago |
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpc_test_svc_readwrite an… |
| CVE-2011-1822 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0009 stores a cleartext SHA password in the change log, which might allow local users to obtain sensitiv… |
| CVE-2011-1820 |
low |
— |
1.7 |
|
|
ibm |
15y ago |
IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, 6.0 before 6.0.0.67 (aka 6.0.0.8-TIV-ITDS-IF0009), 6.1 before 6.1.0.40 (aka 6.1.0.5-TIV-ITDS-IF0003), 6.2 before 6.2.0.16 (aka 6.… |
| CVE-2011-1520 |
high |
— |
7.2 |
|
|
ibm |
15y ago |
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative ch… |
| CVE-2009-5062 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX allows remote authenticated users to cause a denial of service (daemon crash) by subscribing to an Atom feed, aka SPR JRIE7VKMP9. |
| CVE-2009-5061 |
low |
— |
2.1 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of … |
| CVE-2009-5060 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by accessing an entry in… |
| CVE-2009-5059 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a docume… |
| CVE-2009-5058 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by deleting an item that is ac… |
| CVE-2008-7286 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) vi… |
| CVE-2008-7284 |
low |
— |
3.5 |
|
|
ibm |
15y ago |
IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8. |
| CVE-2011-1343 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters." |
| CVE-2011-1310 |
low |
— |
1.9 |
|
|
ibm |
16y ago |
The Administrative Scripting Tools component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15, when tracing is enabled, places wsadmin command parameters into… |
| CVE-2011-1309 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The Plug-in component in IBM WebSphere Application Server (WAS) before 7.0.0.15 does not properly handle trace requests, which has unspecified impact and attack vectors. |
| CVE-2011-1307 |
low |
— |
2.1 |
|
|
ibm |
16y ago |
The installer in IBM WebSphere Application Server (WAS) before 7.0.0.15 uses 777 permissions for a temporary log directory, which allows local users to have unintended access to log files via standar… |
| CVE-2011-1029 |
low |
— |
3.5 |
|
|
ibm |
16y ago |
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 2.0.0.x allows remote authenticated users to inject arbitrary web script or HTML via the name of a shared report. |
| CVE-2011-0731 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrar… |
| CVE-2010-4606 |
high |
— |
7.5 |
|
linux-kernel |
ibm |
16y ago |
Unspecified vulnerability in the Space Management client in the Hierarchical Storage Management (HSM) component in IBM Tivoli Storage Manager (TSM) 5.4.x before 5.4.3.4, 5.5.x before 5.5.3, 6.1.x bef… |
| CVE-2010-4604 |
high |
— |
8.2 |
EXP |
linux-kernel |
ibm |
16y ago |
Stack-based buffer overflow in the GeneratePassword function in dsmtca (aka the Trusted Communications Agent or TCA) in the backup-archive client in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.… |
| CVE-2010-4548 |
low |
— |
2.1 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this m… |
| CVE-2010-4547 |
low |
— |
3.5 |
|
|
ibm |
16y ago |
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, whic… |
| CVE-2010-3896 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The ESSearchApplication directory tree in IBM OmniFind Enterprise Edition 8.x and 9.x does not require authentication, which allows remote attackers to modify the server configuration via a request t… |
| CVE-2010-3895 |
high |
— |
8.2 |
EXP |
|
ibm |
16y ago |
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. |
| CVE-2010-3893 |
high |
— |
8.5 |
EXP |
|
ibm |
16y ago |
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbit… |
| CVE-2010-4121 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read datab… |
| CVE-2010-4069 |
high |
— |
8.5 |
|
|
ibm |
16y ago |
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenti… |
| CVE-2010-3760 |
high |
— |
7.8 |
|
|
ibm |
16y ago |
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, … |
| CVE-2010-3737 |
low |
— |
3.5 |
|
|
ibm |
16y ago |
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-d… |
| CVE-2010-3735 |
low |
— |
2.1 |
|
|
ibm |
16y ago |
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certai… |
| CVE-2010-3733 |
high |
— |
7.2 |
|
|
ibm |
16y ago |
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. |
| CVE-2010-3732 |
low |
— |
3.5 |
|
|
ibm |
16y ago |
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows fo… |
| CVE-2009-4998 |
low |
— |
2.6 |
|
|
ibm |
16y ago |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a secu… |
| CVE-2008-7261 |
low |
— |
2.1 |
|
|
ibm |
16y ago |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-010 records DEBUG messages containing user credentials in the log4j.xml file, which might allow local u… |
| CVE-2010-0155 |
low |
— |
3.5 |
|
|
ibm |
16y ago |
CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticat… |
| CVE-2010-3196 |
low |
— |
3.5 |
|
|
ibm |
16y ago |
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. |
| CVE-2010-3194 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files own… |
| CVE-2010-3059 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and… |
| CVE-2010-3058 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and exec… |
| CVE-2010-2518 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before FP3 and the P8 Content Search Engine (P8CSE) before 4.5.0 FP3 and 4.5.1 before FP1, as used in IBM FileNet P8 Content Manager (C… |
| CVE-2010-2517 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. |
| CVE-2010-1632 |
high |
— |
7.5 |
|
|
ibmapache |
16y ago |
Improper Input Validation in Apache Axis2 |
| CVE-2010-2324 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows attackers to perform unspecified "link injection" actions via unknown vectors. |
| CVE-2010-2279 |
high |
— |
7.6 |
|
|
ibm |
16y ago |
The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote atta… |
| CVE-2010-0777 |
low |
— |
2.6 |
|
|
ibm |
16y ago |
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle long filenames and consequently sends an incorre… |
| CVE-2010-1651 |
low |
— |
1.9 |
|
|
ibm |
16y ago |
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x before 7.0.0.11, when Basic authentication and SIP tracing (aka full trace logging for SIP) are enabled, logs the entirety of al… |
| CVE-2010-1650 |
low |
— |
1.9 |
|
|
ibm |
16y ago |
IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x before 6.1.0.31, and 7.0.x before 7.0.0.11, when the -trace option (aka debugging mode) is enabled, executes debugging statements t… |
| CVE-2010-1487 |
low |
— |
2.1 |
|
|
ibm |
16y ago |
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG. |
| CVE-2010-1348 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors. |
| CVE-2010-1347 |
high |
— |
7.2 |
|
linux-kernel |
ibm |
16y ago |
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users … |
| CVE-2010-1243 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 creates persistent cookies on client workstations, which has unspecified impact and attack vectors. |
| CVE-2010-0769 |
low |
— |
1.9 |
|
|
ibm |
16y ago |
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 does not properly define wsadmin scripting J2CConnectionFactory objects, which allows local use… |
| CVE-2010-1182 |
high |
— |
7.5 |
|
|
ibm |
16y ago |
Multiple unspecified vulnerabilities in the administrative console in IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.9 on z/OS have unknown impact and attack vectors. |
| CVE-2010-0961 |
high |
— |
7.2 |
|
|
ibm |
17y ago |
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0960 |
high |
— |
7.2 |
|
|
ibm |
17y ago |
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| CVE-2010-0919 |
high |
— |
7.6 |
|
|
ibm |
17y ago |
Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP… |
| CVE-2010-0557 |
high |
— |
8.5 |
EXP |
|
ibm |
17y ago |
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. |
| CVE-2009-2752 |
low |
— |
1.5 |
|
|
ibm |
17y ago |
IBM WebSphere Commerce 7.0 does not properly encrypt data in a database, which makes it easier for local users to obtain sensitive information by defeating cryptographic protection mechanisms. |
