Filtered by vendor Ibm
Subscribe
Total
7776 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4589 | 1 Ibm | 1 Enovia | 2011-01-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property. | |||||
| CVE-2010-4094 | 1 Ibm | 2 Rational Quality Manager, Rational Test Lab Manager | 2011-01-11 | 5.0 MEDIUM | N/A |
| The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548. | |||||
| CVE-2009-4152 | 1 Ibm | 1 Websphere Portal | 2011-01-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | |||||
| CVE-2010-4600 | 2 Dojofoundation, Ibm | 2 Dojo Toolkit, Rational Clearquest | 2011-01-04 | 5.0 MEDIUM | N/A |
| Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1, allows remote attackers to read cookies by navigating to a Dojo file, related to an "open direct" issue. | |||||
| CVE-2010-4601 | 1 Ibm | 1 Rational Clearquest | 2011-01-04 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files. | |||||
| CVE-2010-4590 | 1 Ibm | 1 Lotus Mobile Connect | 2010-12-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-4594 | 1 Ibm | 1 Lotus Mobile Connect | 2010-12-27 | 4.3 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue. | |||||
| CVE-2010-4595 | 1 Ibm | 1 Lotus Mobile Connect | 2010-12-27 | 5.0 MEDIUM | N/A |
| The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header. | |||||
| CVE-2010-4551 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. | |||||
| CVE-2010-4548 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 2.1 LOW | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. | |||||
| CVE-2010-4553 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 5.0 MEDIUM | N/A |
| An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2009-5035 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.3 MEDIUM | N/A |
| The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. | |||||
| CVE-2009-5036 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
| traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | |||||
| CVE-2010-4546 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. | |||||
| CVE-2010-4552 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 5.0 MEDIUM | N/A |
| Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients. | |||||
| CVE-2010-4549 | 2 Ibm, Nokia | 2 Lotus Notes Traveler, S60 | 2010-12-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | |||||
| CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 3.5 LOW | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | |||||
| CVE-2010-4550 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 5.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. | |||||
| CVE-2010-4545 | 1 Ibm | 1 Lotus Notes Traveler | 2010-12-17 | 4.0 MEDIUM | N/A |
| IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. | |||||
| CVE-2010-4217 | 1 Ibm | 1 Tivoli Directory Server | 2010-11-10 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. | |||||