Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1218 | 2 Autonomy, Ibm | 2 Keyview, Lotus Notes | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-4000 | 1 Ibm | 1 Cognos Command Center | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in IBM Cognos Command Center before 10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) start or (2) stop services. | |||||
| CVE-2013-5371 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-11 | 2.1 LOW | N/A |
| The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2010-2279 | 1 Ibm | 1 Lotus Connections | 2025-04-11 | 7.6 HIGH | N/A |
| The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors. | |||||
| CVE-2007-6742 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 6.8 MEDIUM | N/A |
| The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to cause a denial of service (infinite loop) via a malformed search filter. | |||||
| CVE-2013-4025 | 1 Ibm | 4 Data Studio Web Console, Db2 Recovery Expert, Infosphere Optim Configuration Manager and 1 more | 2025-04-11 | 1.9 LOW | N/A |
| IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2011-1205 | 1 Ibm | 3 Rational Clearcase, Rational Clearquest, Rational Common Licensing | 2025-04-11 | 6.9 MEDIUM | N/A |
| Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. | |||||
| CVE-2011-1033 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. | |||||
| CVE-2013-0465 | 1 Ibm | 1 Webshere Cast Iron Cloud Integration | 2025-04-11 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. | |||||
| CVE-2013-5376 | 1 Ibm | 2 Storwize V7000 Unified, Storwize V7000 Unified Software | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user. | |||||
| CVE-2013-6721 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets. | |||||
| CVE-2013-6328 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. | |||||
| CVE-2013-5442 | 1 Ibm | 2 Security Network Protection Firmware, Security Network Protection Xgs 5100 | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2011-1223 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager, Windows | 2025-04-11 | 7.2 HIGH | N/A |
| Buffer overflow in the Alternate Data Stream (aka ADS or named stream) functionality in the backup-archive client in IBM Tivoli Storage Manager (TSM) before 5.4.3.4, 5.5.x before 5.5.3, 6.x before 6.1.4, and 6.2.x before 6.2.2 on Windows allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2011-4818 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-11 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the uisessionid parameter to an unspecified component. | |||||
| CVE-2013-0509 | 1 Ibm | 2 Tivoli Netcool Application Service Monitors, Tivoli Netcool System Service Monitors | 2025-04-11 | 7.6 HIGH | N/A |
| Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder. | |||||
| CVE-2013-0595 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2025-04-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3. | |||||
| CVE-2013-4056 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Data Quality Console and Information Analyzer components in IBM InfoSphere Information Server 8.7 through FP2 and 9.1 through 9.1.2.0 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2012-5763 | 1 Ibm | 1 Netezza | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2012-3300 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 2.6 LOW | N/A |
| IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors. | |||||