Filtered by vendor Ibm
Total: 8096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-5835 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | 5.0 MEDIUM | N/A | The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes Domino before 6.5.5 FP2 and 7.x before 7.0.2 does not require authentication to perform user lookups, which allows remote attackers to obtain the user ID file. |
| CVE-2007-4272 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | 1.9 LOW | N/A | Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm). |
| CVE-2009-1008 | 2 Ibm, Oracle | 2 Websphere Portal, Application Server | 2025-04-09 | 4.4 MEDIUM | N/A | Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1010. |
| CVE-2007-1675 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username. |
| CVE-2010-0312 | 2 Ibm, Linux | 2 Tivoli Directory Server, Linux Kernel | 2025-04-09 | 5.0 MEDIUM | N/A | The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server (TDS) 6.2 on Linux allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SecureWay 3.2 Event Registration Request (aka a 1.3.18.0.2.12.1 request). |
| CVE-2009-0855 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-3521 | 1 Ibm | 1 Tivoli Composite Application Manager For Wesbsphere | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2008-0402 | 1 Ibm | 1 Websphere Business Modeler | 2025-04-09 | 6.0 MEDIUM | N/A | Unspecified vulnerability in IBM WebSphere Business Modeler Basic and Advanced 6.0.2.1 before Interim Fix 11 allows remote authenticated users to bypass intended access restrictions and delete unspecified repository resources via unknown vectors, even when they are not administrators or members of the repository's owning group. |
| CVE-2007-3263 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1.0.7 and earlier has unknown impact and attack vectors, related to "incorrect authorization on a remote interface to the SDO repository." |
| CVE-2008-2880 | 1 Ibm | 1 Afp Viewer Plug-in | 2025-04-09 | 9.3 HIGH | N/A | Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and 3.2.1.1 allows remote attackers to execute arbitrary code via a long SRC property value. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2003-1570 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-09 | 3.5 LOW | N/A | The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to "session exposure." |
| CVE-2009-0896 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 10.0 HIGH | N/A | Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request. |
| CVE-2006-5818 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 7.2 HIGH | N/A | Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. |
| CVE-2009-0904 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 6.4 MEDIUM | N/A | The IBM Stax XMLStreamWriter in the Web Services component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 does not properly process XML encoding, which allows remote attackers to bypass intended access restrictions and possibly modify data via "XML fuzzing attacks" sent through SOAP requests. |
| CVE-2007-4237 | 1 Ibm | 1 Aix | 2025-04-09 | 6.9 MEDIUM | N/A | Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte in AIX 5.2 and 5.3 allows local users to gain root privileges. |
| CVE-2009-2860 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." |
| CVE-2009-1240 | 1 Ibm | 4 Network Multi-function Security, Proventia Desktop Endpoint Security, Proventia Network Mail Security System and 1 more | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive. |
| CVE-2009-2085 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 7.5 HIGH | N/A | The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). |
| CVE-2009-2667 | 1 Ibm | 1 Tklm | 2025-04-09 | 10.0 HIGH | N/A | Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability." |
| CVE-2006-5004 | 1 Ibm | 1 Aix | 2025-04-09 | 2.1 LOW | N/A | Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors. |
| CVE-2008-4809 | 1 Ibm | 1 Lotus Connections | 2025-04-09 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in the Profiles search pages in IBM Lotus Connections 2.x before 2.0.1 have unknown impact and attack vectors related to "Active" content. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-6050 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2 Universal Database, Linux Kernel, Windows and 1 more | 2025-04-09 | 7.2 HIGH | N/A | Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." |
| CVE-2008-1718 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2025-04-09 | 9.3 HIGH | N/A | Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment. |
| CVE-2009-3900 | 1 Ibm | 2 Aix, Powerha | 2025-04-09 | 7.8 HIGH | N/A | Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp). |
| CVE-2007-0442 | 1 Ibm | 1 Os 400 | 2025-04-09 | 5.0 MEDIUM | N/A | Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown impact and remote attack vectors, related to an "Integrity Problem" involving LIC-TCPIP and TCP reset. NOTE: it is possible that this issue is related to CVE-2004-0230, but this is not certain. |
| CVE-2008-6105 | 1 Ibm | 2 Workplace For Business Controls And Reporting, Workplace Web Content Management | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in IBM Workplace for Business Controls and Reporting 2.x and IBM Workplace Web Content Management 6.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| CVE-2008-4581 | 1 Ibm | 1 Enovia Smarteam | 2025-04-09 | 4.0 MEDIUM | N/A | The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release 19 before SP01, allows remote authenticated users to bypass intended access restrictions and read Document objects via the Workflow Process (aka Flow Process) view. |
| CVE-2008-2154 | 1 Ibm | 1 Db2 | 2025-04-09 | 6.0 MEDIUM | N/A | IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. |
| CVE-2009-2211 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2009-3518 | 1 Ibm | 1 Installation Manager | 2025-04-09 | 9.3 HIGH | N/A | Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname. |
| CVE-2009-0439 | 1 Ibm | 1 Websphere Mq | 2025-04-09 | 7.2 HIGH | N/A | Unspecified vulnerability in the queue manager in IBM WebSphere MQ (WMQ) 5.3, 6.0 before 6.0.2.6, and 7.0 before 7.0.0.2 allows local users to gain privileges via vectors related to the (1) setmqaut, (2) dmpmqaut, and (3) dspmqaut authorization commands. |
| CVE-2008-0740 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | 2.1 LOW | N/A | IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) and 6.1 before Fix Pack 15 (6.1.0.15) writes unspecified cleartext information to http_plugin.log, which might allow local users to obtain sensitive information by reading this file. |
| CVE-2009-3745 | 1 Ibm | 1 Rational Appscan | 2025-04-09 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the help pages in IBM Rational AppScan Enterprise Edition 5.5.0.2 allows remote attackers to inject arbitrary web script or HTML via the query string. |
| CVE-2009-3089 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-09 | 7.8 HIGH | N/A | IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors, related to (1) the ibmslapd.exe daemon on Windows and (2) the ibmdiradm daemon in the administration server on Linux, as demonstrated by certain modules in VulnDisco Pack Professional 8.11, a different vulnerability than CVE-2006-0717. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pac ... |
| CVE-2009-0370 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A | Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 allow local users to append data to arbitrary files, related to (1) rmsock and (2) rmsock64 not creating "secure log files." |
| CVE-2007-6717 | 1 Ibm | 1 Aix | 2025-04-09 | 7.2 HIGH | N/A | Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via unspecified vectors. |
| CVE-2008-3349 | 2 Ibm, Netapp | 3 N Series Storage Server, Data Ontap, Fas900 | 2025-04-09 | 10.0 HIGH | N/A | Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160. |
| CVE-2008-0243 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | 7.8 HIGH | N/A | Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. |
| CVE-2007-4368 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. |
| CVE-2007-6407 | 1 Ibm | 1 Tivoli Provisioning Manager Express | 2025-04-09 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Provisioning Manager Express allow remote attackers to inject arbitrary web script or HTML via the (1) "assess modification," (2) user-id, and other unspecified fields to the /tpmx URI; or (3) involving unspecified vectors related to "error processing." |