Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1490 | 1 Ibm | 1 Cognos 8 Business Intelligence | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors. | |||||
| CVE-2012-5308 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action. | |||||
| CVE-2012-4816 | 1 Ibm | 1 Rational Automation Framework | 2025-04-11 | 7.5 HIGH | N/A |
| IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080. | |||||
| CVE-2013-3042 | 1 Ibm | 2 Rational Software Architect Design Manager, Rhapsody Design Manager | 2025-04-11 | 2.1 LOW | N/A |
| Directory traversal vulnerability in the server in IBM Rational Software Architect Design Manager and Rhapsody Design Manager 3.x and 4.x before 4.0.5 allows local users to read arbitrary files via vectors involving temporary files. | |||||
| CVE-2013-0534 | 1 Ibm | 2 Lotus Sametime, Sametime | 2025-04-11 | 1.9 LOW | N/A |
| The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory. | |||||
| CVE-2010-3759 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2025-04-11 | 10.0 HIGH | N/A |
| FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 writes a certain value to a memory location specified by a UDP packet field, which allows remote attackers to execute arbitrary code via multiple requests. NOTE: this might overlap CVE-2010-3058. | |||||
| CVE-2010-0155 | 1 Ibm | 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware | 2025-04-11 | 3.5 LOW | N/A |
| CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. | |||||
| CVE-2010-2635 | 1 Ibm | 1 Websphere Commerce | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages." | |||||
| CVE-2011-1371 | 1 Ibm | 1 Websphere Ilog Rule Team Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM WebSphere ILOG Rule Team Server 7.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an Unknown Error document, a different vulnerability than CVE-2011-4171. | |||||
| CVE-2011-2893 | 1 Ibm | 1 Lotus Symphony | 2025-04-11 | 4.3 MEDIUM | N/A |
| The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference. | |||||
| CVE-2011-2759 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
| CVE-2009-2753 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size. | |||||
| CVE-2013-0533 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3030 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 5.0 MEDIUM | N/A |
| The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests. | |||||
| CVE-2012-2192 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 4.9 MEDIUM | N/A |
| The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list. | |||||
| CVE-2012-4842 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2012-2174 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | 9.3 HIGH | N/A |
| The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. | |||||
| CVE-2012-0743 | 1 Ibm | 1 Tivoli Directory Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote attackers to cause a denial of service (daemon crash) via a malformed LDAP paged search request. | |||||
| CVE-2013-0586 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1844 | 3 Dell, Ibm, Quantum | 9 Powervault Ml6000, Powervault Ml6000 Firmware, Powervault Ml6010 and 6 more | 2025-04-11 | 7.5 HIGH | N/A |
| The Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library with firmware before R6C (606G.GS001), uses default passwords for unspecified user accounts, which makes it easier for remote attackers to obtain access via unknown vectors. | |||||