Vulnerabilities > IBM > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-04-21 | CVE-2008-7288 | Resource Management Errors vulnerability in IBM Tivoli Directory Server 5.2.0/5.2.0.4. IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 on AIX allows remote attackers to cause a denial of service (server destabilization) via an anonymous DIGEST-MD5 LDAP Bind operation. (network; low complexity; ibm CWE-399) | 5.0 |
| 2011-04-21 | CVE-2008-7287 | Resource Management Errors vulnerability in IBM Tivoli Directory Server 5.2.0/5.2.0.4. Multiple memory leaks in the (1) ldap_init and (2) ldap_url_search_direct API functions in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 allow remote authenticated users to cause a denial of service (memory consumption) by making many function calls. (network; low complexity; ibm CWE-399) | 4.0 |
| 2011-04-21 | CVE-2007-6743 | Resource Management Errors vulnerability in IBM Tivoli Directory Server 5.2.0/5.2.0.4. Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that trigger recursive filter_free calls. (network; low complexity; ibm CWE-399) | 4.0 |
| 2011-04-21 | CVE-2007-6742 | Resource Management Errors vulnerability in IBM Tivoli Directory Server 5.2.0/5.2.0.4. The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0006 does not properly perform certain sub filter parsing, which allows remote authenticated users to cause a denial of service (infinite loop) via a malformed search filter. (network; low complexity; ibm CWE-399) | 6.8 |
| 2011-04-13 | CVE-2011-1683 | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server. IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors. (network; ibm CWE-264) | 6.8 |
| 2011-04-05 | CVE-2011-1561 | Improper Authentication vulnerability in IBM AIX 6.1. The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, when ldap_auth is enabled in ldap.cfg, allows remote attackers to bypass authentication via a login attempt with an arbitrary password. (network; ibm CWE-287) | 6.8 |
| 2011-04-05 | CVE-2011-1558 | Cross-Site Scripting vulnerability in IBM Webi 1.0.4. Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242. (network; ibm CWE-79) | 4.3 |
| 2011-03-29 | CVE-2011-1205 | Buffer Errors vulnerability in IBM products. Multiple buffer overflows in unspecified COM objects in Rational Common Licensing 7.0 through 7.1.1.4 in IBM Rational ClearCase 7.0.0.4 through 7.1.1.4, ClearQuest 7.0.0.4 through 7.1.1.4, and other products allow local users to gain privileges via a Trojan horse HTML document in the My Computer zone. (local; ibm CWE-119) | 6.9 |
| 2011-03-22 | CVE-2008-7285 | Unspecified vulnerability in IBM Lotus Quickr 8.1. Unspecified vulnerability in the docnote string handling implementation in IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino allows remote attackers to cause a denial of service (daemon crash) via unknown vectors, aka SPR JFLD7GZT25. (network; low complexity; ibm) | 5.0 |
| 2011-03-08 | CVE-2011-1322 | Resource Management Errors vulnerability in IBM Websphere Application Server. The SOAP with Attachments API for Java (SAAJ) implementation in the Web Services component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 allows remote attackers to cause a denial of service (memory consumption) via encrypted SOAP messages. (network; low complexity; ibm CWE-399) | 5.0 |