Filtered by vendor Ibm
Subscriptions
Total
7885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3731 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string. | ||||
| CVE-2011-1560 | 1 Ibm | 1 Soliddb | 2025-04-11 | N/A |
| solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x and 6.3.x before 6.3.47, and 6.5.x before 6.5.0.3 uses a password-hash length specified by the client, which allows remote attackers to bypass authentication via a short length value. | ||||
| CVE-2010-3700 | 3 Acegisecurity, Ibm, Vmware | 3 Acegi-security, Websphere Application Server, Springsource Spring Security | 2025-04-11 | N/A |
| VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter. | ||||
| CVE-2010-3475 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | ||||
| CVE-2011-1558 | 1 Ibm | 1 Webi | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242. | ||||
| CVE-2010-3474 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | ||||
| CVE-2010-3471 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | N/A |
| Session fixation vulnerability in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.7-P8AE-FP007 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2010-3470 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 and 4.0.2.x before 4.0.2.7-P8AE-FP007 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-3406 | 1 Ibm | 1 Aix | 2025-04-11 | N/A |
| Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM AIX 5.3 allows local users to leverage system group membership and delete files via unknown vectors. | ||||
| CVE-2010-3398 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | N/A |
| Unspecified vulnerability in the webcontainer implementation in IBM Lotus Sametime Connect 8.5.1 before CF1 has unknown impact and attack vectors, aka SPRs LXUU87S57H and LXUU87S93W. | ||||
| CVE-2010-3320 | 1 Ibm | 1 Filenet Content Manager | 2025-04-11 | N/A |
| Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2010-3319 | 1 Ibm | 1 Filenet Content Manager | 2025-04-11 | N/A |
| IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. | ||||
| CVE-2010-3318 | 1 Ibm | 1 Filenet Content Manager | 2025-04-11 | N/A |
| IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits passwords in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2010-3317 | 1 Ibm | 1 Filenet Content Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-3197 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-5424 | 1 Ibm | 1 Flex System Manager | 2025-04-11 | N/A |
| IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account. | ||||
| CVE-2013-5429 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | N/A |
| The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token. | ||||
| CVE-2010-3196 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | ||||
| CVE-2010-3195 | 2 Ibm, Microsoft | 2 Db2, Windows Server 2008 | 2025-04-11 | N/A |
| Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." | ||||
| CVE-2010-3194 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. | ||||