Filtered by vendor Ibm
Subscribe
Total
6536 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 3.5 LOW | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | |||||
| CVE-2010-4545 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. | |||||
| CVE-2010-4548 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 2.1 LOW | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. | |||||
| CVE-2010-4549 | 2 Ibm, Nokia | 2 Lotus Notes Traveler, S60 | 2010-12-16 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | |||||
| CVE-2010-4550 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 5.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. | |||||
| CVE-2010-4551 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. | |||||
| CVE-2010-4552 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 5.0 MEDIUM | N/A |
| Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients. | |||||
| CVE-2010-4553 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 5.0 MEDIUM | N/A |
| An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2009-5035 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 4.3 MEDIUM | N/A |
| The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. | |||||
| CVE-2009-5036 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-16 | 4.0 MEDIUM | N/A |
| traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | |||||
| CVE-2010-4217 | 1 Ibm | 1 Tivoli Directory Server | 2010-11-10 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. | |||||
| CVE-2010-4219 | 1 Ibm | 1 Websphere Portal | 2010-11-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4220 | 1 Ibm | 1 Websphere Application Server | 2010-11-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | |||||
| CVE-2010-0563 | 1 Ibm | 1 Websphere Application Server | 2010-11-02 | 5.0 MEDIUM | N/A |
| The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. | |||||
| CVE-2010-4121 | 1 Ibm | 1 Tivoli Provisioning Manager Os Deployment | 2010-10-28 | 7.5 HIGH | N/A |
| ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only." | |||||
| CVE-2010-4069 | 1 Ibm | 1 Informix Dynamic Server | 2010-10-26 | 8.5 HIGH | N/A |
| Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. | |||||
| CVE-2010-4070 | 1 Ibm | 1 Informix Dynamic Server | 2010-10-26 | 10.0 HIGH | N/A |
| Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308. | |||||
| CVE-2009-4331 | 1 Ibm | 1 Db2 | 2010-10-06 | 7.2 HIGH | N/A |
| The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | |||||
| CVE-2009-3471 | 1 Ibm | 1 Db2 | 2010-10-06 | 7.5 HIGH | N/A |
| IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors. | |||||
| CVE-2010-3761 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2010-10-06 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-700. NOTE: this might overlap CVE-2010-3058 or CVE-2010-3059. | |||||