Filtered by vendor Ibm
Subscriptions
Total
8188 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4325 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | ||||
| CVE-2009-2746 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administrative console in the Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.39, 6.1 before 6.1.0.29, and 7.0 before 7.0.0.7 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2009-0879 | 2 Ibm, Microsoft | 2 Director, Windows | 2025-04-09 | N/A |
| The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | ||||
| CVE-2009-1900 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Configservice APIs in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5, when tracing is enabled, allow remote attackers to obtain sensitive information via unspecified use of the wsadmin scripting tool. | ||||
| CVE-2009-2085 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5 does not properly handle use of Identity Assertion with CSIv2 Security, which allows remote attackers to bypass intended CSIv2 access restrictions via vectors involving Enterprise JavaBeans (EJB). | ||||
| CVE-2009-1786 | 1 Ibm | 1 Aix | 2025-04-09 | N/A |
| The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable. | ||||
| CVE-2009-1898 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| The secure login page in the Administrative Console component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 does not redirect to an https page upon receiving an http request, which makes it easier for remote attackers to read the contents of WAS sessions by sniffing the network. | ||||
| CVE-2009-4239 | 1 Ibm | 1 Infosphere Information Server | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1522 | 2 Ibm, Microsoft | 3 Aix, Tivoli Storage Manager Client, Windows | 2025-04-09 | N/A |
| The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 on AIX and Windows, when SSL is used, allows remote attackers to conduct unspecified man-in-the-middle attacks and read arbitrary files via unknown vectors. | ||||
| CVE-2009-1520 | 1 Ibm | 2 Tivoli Storage Manager Client, Tivoli Storage Manager Express | 2025-04-09 | N/A |
| Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors. | ||||
| CVE-2009-1334 | 1 Ibm | 1 Tivoli Continuous Data Protection For Files | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html in IBM Tivoli Continuous Data Protection (CDP) for Files 3.1.4.0 allows remote attackers to inject arbitrary web script or HTML via the reason parameter. | ||||
| CVE-2009-2435 | 1 Ibm | 1 Lotus Instant Messaging And Web Conferencing | 2025-04-09 | N/A |
| The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2009-3521 | 1 Ibm | 1 Tivoli Composite Application Manager For Wesbsphere | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-1286 | 1 Ibm | 1 Lotus Domino | 2025-04-09 | N/A |
| The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities. | ||||
| CVE-2009-3469 | 1 Ibm | 1 Lotus Connections | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. | ||||
| CVE-2006-6136 | 1 Ibm | 1 Websphere Application Server | 2025-04-09 | N/A |
| IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | ||||
| CVE-2009-3453 | 1 Ibm | 1 Lotus Quickr | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template. | ||||
| CVE-2009-4052 | 1 Ibm | 2 Rational Application Developer For Websphere, Rational Software Architect | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet. | ||||
| CVE-2009-0172 | 1 Ibm | 1 Db2 Universal Database | 2025-04-09 | N/A |
| Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | ||||
| CVE-2007-6594 | 1 Ibm | 1 Lotus Notes | 2025-04-09 | N/A |
| IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. | ||||