Vulnerabilities > IBM > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2010-12-16 | CVE-2009-5036 | Denial-Of-Service vulnerability in Lotus Notes Traveler | traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | 4.0 |
2010-12-16 | CVE-2009-5035 | Information Exposure vulnerability in IBM Lotus Notes Traveler | The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. | 4.3 |
2010-12-16 | CVE-2009-5034 | Resource Management Errors vulnerability in IBM Lotus Notes Traveler | IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data. | 4.0 |
2010-12-16 | CVE-2009-5033 | Information Exposure vulnerability in IBM Lotus Notes Traveler | IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread. | 4.0 |
2010-12-16 | CVE-2009-5032 | Cryptographic Issues vulnerability in IBM Lotus Notes Traveler | The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. | 5.8 |
2010-12-06 | CVE-2010-2639 | Information Exposure vulnerability in IBM Websphere Commerce 7.0/7.0.0.1 | IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote attackers to read messages intended for other recipients via vectors involving access by the outbound messaging system to the RunTimeProfileCacheCmdImpl class, related to the caching of mutable objects and "concurrency issues." | 5.0 |
2010-11-17 | CVE-2010-4274 | Permissions, Privileges, and Access Controls vulnerability in IBM Director Agent 6.2.0 | reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership. | 4.4 |
2010-11-15 | CVE-2010-2638 | Resource Management Errors vulnerability in IBM Websphere MQ | Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. | 4.0 |
2010-11-12 | CVE-2010-4236 | Multiple vulnerability in RETIRED: IBM OmniFind | Untrusted search path vulnerability in estaskwrapper in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges via an ES_LIBRARY_PATH environment variable and a modified PATH environment variable, which is used during execution of the estasklight program, a different vulnerability than CVE-2010-3895. | 6.9 |
2010-11-12 | CVE-2010-3899 | Resource Management Errors vulnerability in IBM Omnifind 8.0/9.0 | IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. | 5.0 |