Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-23 | CVE-2010-4056 | Denial-Of-Service vulnerability in solidDB solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. | 5.0 |
| 2010-10-23 | CVE-2010-4055 | Resource Management Errors vulnerability in IBM Soliddb Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. | 5.0 |
| 2010-10-20 | CVE-2010-0782 | Unspecified vulnerability in IBM Websphere MQ IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows remote attackers to spoof X.509 certificate authentication, and send or receive channel messages, via a crafted Subject Distinguished Name (DN) value in a certificate. network ibm | 4.3 |
| 2010-10-05 | CVE-2010-3756 | Improper Input Validation vulnerability in IBM Tivoli Storage Manager Fastback The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. | 5.0 |
| 2010-10-05 | CVE-2010-3755 | Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via data in a TCP packet. | 5.0 |
| 2010-10-05 | CVE-2010-3740 | Resource Management Errors vulnerability in IBM DB2 9.5 The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. | 4.0 |
| 2010-10-05 | CVE-2010-3739 | Improper Authentication vulnerability in IBM DB2 Universal Database 9.5 The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | 6.4 |
| 2010-10-05 | CVE-2010-3738 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5 The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | 5.0 |
| 2010-10-05 | CVE-2010-3736 | Resource Management Errors vulnerability in IBM DB2 9.5 Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. | 4.0 |
| 2010-10-05 | CVE-2010-3734 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5 The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. | 5.0 |