Filtered by vendor Ibm
Subscribe
Total
8031 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4858 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 9.3 HIGH | N/A |
| IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2012-4851 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||||
| CVE-2013-2964 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-11 | 7.2 HIGH | N/A |
| Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through 5.5.4.0, 6.1.0 through 6.1.5.4, 6.2.0 through 6.2.4.7, and 6.3.0 through 6.3.0.17 on UNIX and Linux allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2009-5002 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 6.4 MEDIUM | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection. | |||||
| CVE-2008-7284 | 1 Ibm | 2 Lotus Domino, Lotus Quickr | 2025-04-11 | 3.5 LOW | N/A |
| IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows remote authenticated users to cause a denial of service (daemon crash) by clicking a download link, aka SPR QCAO7E6AM8. | |||||
| CVE-2010-1039 | 3 Hp, Ibm, Sgi | 5 Hp-ux, Nfs\/oncplus, Aix and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. | |||||
| CVE-2013-2988 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 2.6 LOW | N/A |
| Absolute path traversal vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1, 10.1.1, 10.2, and 10.2.1 allows remote authenticated users to read files by leveraging the Report Author privilege, a different vulnerability than CVE-2013-2978. | |||||
| CVE-2010-3407 | 1 Ibm | 1 Lotus Domino | 2025-04-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino 8.0.x before 8.0.2 FP5 and 8.5.x before 8.5.1 FP2 allows remote attackers to execute arbitrary code via a long e-mail address in an ORGANIZER:mailto header in an iCalendar calendar-invitation e-mail message, aka SPR NRBY7ZPJ9V. | |||||
| CVE-2013-4012 | 1 Ibm | 2 Content Template Catalog, Websphere Portal | 2025-04-11 | 4.9 MEDIUM | N/A |
| IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2012-0192 | 1 Ibm | 1 Lotus Symphony | 2025-04-11 | 9.3 HIGH | N/A |
| Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a heap-based buffer overflow, as demonstrated by a .doc file. | |||||
| CVE-2010-4591 | 1 Ibm | 1 Lotus Mobile Connect | 2025-04-11 | 4.4 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not delete LTPA tokens in response to use of the iNotes Logoff button, which might allow physically proximate attackers to obtain access via an unattended client, related to a cookie domain mismatch. | |||||
| CVE-2011-2607 | 1 Ibm | 1 Rational Team Concert | 2025-04-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165513. | |||||
| CVE-2013-0476 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | 6.4 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to inject arbitrary FTP commands via unspecified vectors. | |||||
| CVE-2013-6745 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. | |||||
| CVE-2012-2205 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query. | |||||
| CVE-2012-2206 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 3.5 LOW | N/A |
| The Web Gateway component in IBM WebSphere MQ File Transfer Edition 7.0.4 and earlier allows remote authenticated users to read files of arbitrary users via vectors involving a username in a URI, as demonstrated by a modified metadata=fteSamplesUser field to the /transfer URI. | |||||
| CVE-2011-1315 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Memory leak in the messaging engine in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via network connections associated with a NULL return value from a synchronous JMS receive call. | |||||
| CVE-2012-5947 | 1 Ibm | 1 Spss Samplepower | 2025-04-11 | 9.3 HIGH | N/A |
| Buffer overflow in the vsflex7l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2013-2366 | 1 Ibm | 1 Business Process Monitor | 2025-04-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802. | |||||
| CVE-2012-5759 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance | 2025-04-11 | 9.0 HIGH | N/A |
| The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors. | |||||