Filtered by vendor Ibm
Subscribe
Total
6987 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4805 | 1 Ibm | 1 Lotus Connections | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the community title, (2) API input, and vectors related to the (3) Homepage, (4) Blogs, (5) Profiles, (6) Dogear, (7) Activities, and (8) Global Search components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5228 | 1 Ibm | 1 Workplace Content Management | 2023-12-10 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Workplace Content Management (WCM) 6.0G and 6.1 before CF8, when a Page Navigation Component shows menu entries, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in the URI, related to parameters "not being encoded." | |||||
| CVE-2009-0896 | 1 Ibm | 1 Websphere Mq | 2023-12-10 | 10.0 HIGH | N/A |
| Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before 6.0.2.7 and 7.x before 7.0.1.0 allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2009-3106 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. | |||||
| CVE-2008-6973 | 1 Ibm | 1 Websphere Commerce | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors. | |||||
| CVE-2009-1056 | 1 Ibm | 1 Rational Appscan | 2023-12-10 | 5.0 MEDIUM | N/A |
| IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing." | |||||
| CVE-2009-2091 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.0 MEDIUM | N/A |
| The System Management/Repository component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 on z/OS uses weak file permissions for new applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-0433 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 2.6 LOW | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1.x before 5.1.1.19, 6.0.x before 6.0.2.29, and 6.1.x before 6.1.0.19, when Web Server plug-in content buffering is enabled, allows attackers to cause a denial of service (daemon crash) via unknown vectors, related to a mishandling of client read failures in which clients receive many 500 HTTP error responses and backend servers are incorrectly labeled as down. | |||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2023-12-10 | 7.1 HIGH | N/A |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | |||||
| CVE-2009-3159 | 1 Ibm | 1 Websphere Mq | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the rriDecompress function in IBM WebSphere MQ 7.0.0.0, 7.0.0.1, and 7.0.0.2 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2009-3816 | 1 Ibm | 1 Lotus Connections | 2023-12-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Activities pages in the Mobile subsystem in IBM Lotus Connections 2.5.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-3235 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors. | |||||
| CVE-2008-3160 | 1 Ibm | 1 Data Ontap | 2023-12-10 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors. | |||||
| CVE-2009-0891 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 5.5 MEDIUM | N/A |
| The Web Services Security component in IBM WebSphere Application Server 7.0 before Fix Pack 1 (7.0.0.1), 6.1 before Fix Pack 23 (6.1.0.23),and 6.0.2 before Fix Pack 33 (6.0.2.33) does not properly enforce (1) nonce and (2) timestamp expiration values in WS-Security bindings as stored in the com.ibm.wsspi.wssecurity.core custom property, which allows remote authenticated users to conduct session hijacking attacks. | |||||
| CVE-2009-4327 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
| The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2009-2858 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
| Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | |||||
| CVE-2008-1601 | 1 Ibm | 1 Aix | 2023-12-10 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and 5.3 allows local users in the shutdown group to gain privileges. | |||||
| CVE-2009-1954 | 1 Ibm | 1 Aix | 2023-12-10 | 7.8 HIGH | N/A |
| Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 allows attackers to cause a denial of service (daemon hang) via unknown vectors, related to libtli. | |||||
| CVE-2009-2087 | 1 Ibm | 1 Websphere Application Server | 2023-12-10 | 2.1 LOW | N/A |
| The Web Services functionality in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, in certain circumstances involving the ibm-webservicesclient-bind.xmi file and custom password encryption, uses weak password obfuscation, which allows local users to cause a denial of service (deployment failure) via unspecified vectors. | |||||
| CVE-2009-4239 | 1 Ibm | 1 Infosphere Information Server | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||