Filtered by vendor Ibm
Subscribe
Total
7009 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4595 | 1 Ibm | 1 Lotus Mobile Connect | 2010-12-27 | 5.0 MEDIUM | N/A |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header. | |||||
CVE-2010-4549 | 2 Ibm, Nokia | 2 Lotus Notes Traveler, S60 | 2010-12-17 | 4.0 MEDIUM | N/A |
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | |||||
CVE-2010-4552 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 5.0 MEDIUM | N/A |
Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients. | |||||
CVE-2010-4551 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. | |||||
CVE-2009-5036 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | |||||
CVE-2010-4550 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 5.0 MEDIUM | N/A |
IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. | |||||
CVE-2009-5035 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.3 MEDIUM | N/A |
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. | |||||
CVE-2010-4545 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. | |||||
CVE-2010-4553 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 5.0 MEDIUM | N/A |
An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 3.5 LOW | N/A |
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | |||||
CVE-2010-4546 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. | |||||
CVE-2010-4548 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 2.1 LOW | N/A |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. | |||||
CVE-2010-4217 | 1 Ibm | 1 Tivoli Directory Server | 2010-11-10 | 5.0 MEDIUM | N/A |
Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. | |||||
CVE-2010-4220 | 1 Ibm | 1 Websphere Application Server | 2010-11-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | |||||
CVE-2010-4219 | 1 Ibm | 1 Websphere Portal | 2010-11-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-0563 | 1 Ibm | 1 Websphere Application Server | 2010-11-03 | 5.0 MEDIUM | N/A |
The Single Sign-on (SSO) functionality in IBM WebSphere Application Server (WAS) 7.0.0.0 through 7.0.0.8 does not recognize the Requires SSL configuration option, which might allow remote attackers to obtain sensitive information by sniffing network sessions that were expected to be encrypted. | |||||
CVE-2010-4070 | 1 Ibm | 1 Informix Dynamic Server | 2010-10-27 | 10.0 HIGH | N/A |
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308. | |||||
CVE-2010-4069 | 1 Ibm | 1 Informix Dynamic Server | 2010-10-27 | 8.5 HIGH | N/A |
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023. | |||||
CVE-2009-4331 | 1 Ibm | 1 Db2 | 2010-10-07 | 7.2 HIGH | N/A |
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | |||||
CVE-2009-3471 | 1 Ibm | 1 Db2 | 2010-10-07 | 7.5 HIGH | N/A |
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors. |