Vulnerabilities > IBM > Low

DATE CVE VULNERABILITY TITLE RISK
2011-11-24 CVE-2011-4160 Local Unauthorized Access vulnerability in HP Operations Agent and Performance Agent
Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors.
local
low complexity
hp ibm linux sun
3.2
2011-11-09 CVE-2011-1373 Remote Denial of Service vulnerability in IBM DB2
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
local
ibm
1.5
2011-10-30 CVE-2009-0905 Improper Input Validation vulnerability in IBM WebSphere MQ
IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not properly handle long group names, which might allow local users to gain privileges by leveraging combinations of group names with the same initial substring.
local
low complexity
ibm CWE-20
1.7
2011-10-05 CVE-2011-3982 Resource Management Errors vulnerability in IBM AIX 6.1/7.1
The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
local
low complexity
ibm CWE-399
2.1
2011-09-02 CVE-2011-0311 Buffer Errors vulnerability in IBM Java and Runtimes for Java Technology
The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted attribute length field in a class file, which triggers a buffer over-read.
network
ibm CWE-119
3.5
2011-08-12 CVE-2009-5084 Cryptographic Issues vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.0.1
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when com.tivoli.am.fim.infocard.delegates.InfoCardSTSDelegate tracing is enabled, creates a cleartext log entry containing a password, which might allow local users to obtain sensitive information by reading the log data.
local
ibm CWE-310
1.9
2011-08-12 CVE-2009-5085 Permissions, Privileges, and Access Controls vulnerability in IBM Tivoli Federated Identity Manager 6.2.0/6.2.0.1
IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page.
network
high complexity
ibm CWE-264
2.6
2011-07-19 CVE-2011-1356 Information Exposure vulnerability in IBM WebSphere Application Server
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.
local
low complexity
ibm CWE-200
2.1
2011-05-26 CVE-2010-4807 Race Condition vulnerability in IBM Web Content Manager 7.0.0.1
Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 allows remote authenticated users to cause a denial of service (infinite recursive query) via unspecified vectors, related to a StackOverflowError exception.
network
ibm CWE-362
3.5
2011-05-24 CVE-2011-1424 Configuration vulnerability in EMC SourceOne Email Management 6.5.2.3668
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
3.5