Vulnerabilities > IBM
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2010-09-13 | CVE-2010-3317 | Cross-Site Scripting vulnerability in IBM FileNet Content Manager 4.5.0/4.5.1 | Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-08-31 | CVE-2010-3197 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7 | IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
2010-08-31 | CVE-2010-3196 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7 | IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | 3.5 |
2010-08-31 | CVE-2010-3195 | Unspecified vulnerability in IBM DB2 9.1/9.5/9.7 | Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." | 5.0 |
2010-08-31 | CVE-2010-3194 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 | The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. | 7.5 |
2010-08-31 | CVE-2010-3193 | Unspecified vulnerability in IBM DB2 9.1/9.5/9.7 | Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. | 10.0 |
2010-08-30 | CVE-2010-3187 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM AIX | Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command. | 10.0 |
2010-08-30 | CVE-2010-3186 | Improper Input Validation vulnerability in IBM WebSphere Application Server | IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32, when a JAX-WS application is used, does not properly handle an IncludeTimestamp setting in the WS-Security policy, which has unspecified impact and remote attack vectors. | 10.0 |
2010-08-20 | CVE-2010-3061 | Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack | Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors. | 5.0 |
2010-08-20 | CVE-2010-3060 | Remote Code Execution and Denial of Service vulnerability in IBM Tivoli Storage Manager FastBack | Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors. | 5.0 |