Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-29 | CVE-2008-3860 | Cross-Site Scripting vulnerability in IBM Lotus Quickr 8.1 Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG editors, (2) during local group creation, (3) during HTML redirects, (4) in the HTML import, (5) in the Rich text editor, and (6) in link-page in IBM Lotus Quickr 8.1 services for Lotus Domino before Hotfix 15 allow remote attackers to inject arbitrary web script or HTML via unknown vectors, including (7) the Imported Page. | 4.3 |
| 2008-08-28 | CVE-2008-3858 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1 The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. | 4.3 |
| 2008-08-28 | CVE-2008-3857 | Information Exposure vulnerability in IBM DB2 Universal Database 9.1 The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | 4.6 |
| 2008-08-28 | CVE-2008-3855 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1 Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | 4.6 |
| 2008-08-28 | CVE-2008-3852 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | 6.5 |
| 2008-08-08 | CVE-2008-3550 | Information Exposure vulnerability in IBM Rational Clearquest 7.0.1 The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote attackers to obtain potentially sensitive information (page source code) via a combination of ?script? and ?/script? sequences in the id field, possibly related to a cross-site scripting (XSS) vulnerability. | 5.0 |
| 2008-07-21 | CVE-2008-3236 | Cryptographic Issues vulnerability in IBM Websphere Application Server Unspecified vulnerability in Wsadmin in the System Management/Repository component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 allows attackers to obtain sensitive information via vectors related to "previously encrypted properties" that are not encrypted. | 5.0 |
| 2008-07-14 | CVE-2008-3161 | Cross-Site Scripting vulnerability in IBM Maximo 4.1/5.2 Multiple cross-site scripting (XSS) vulnerabilities in jsp/common/system/debug.jsp in IBM Maximo 4.1 and 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Accept, (2) Accept-Language, (3) UA-CPU, (4) Accept-Encoding, (5) User-Agent, or (6) Cookie HTTP header. | 4.3 |
| 2008-06-30 | CVE-2008-2943 | Resource Management Errors vulnerability in IBM Tivoli Directory Server Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 through 6.1.0.15 allows remote authenticated administrators to cause a denial of service (ABEND) and possibly execute arbitrary code by using ldapadd to attempt to create a duplicate ibm-globalAdminGroup LDAP database entry. | 6.0 |
| 2008-06-16 | CVE-2008-2709 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM OS 400 V5R4M0/V5R4M5/V6R1M0 Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module on IBM OS/400 V5R4M0, V5R4M5, and V6R1M0 allows local users to cause a denial of service (task halt and main storage dump) via unspecified vectors involving the running of diagnostics on a modem port. | 4.7 |