Search Results (363023 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2159 1 Ibm 2 Security Appscan Source, Spss Data Collection 2025-04-11 N/A
Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used in IBM Security AppScan Source 7.x and 8.x before 8.6 and IBM SPSS Data Collection Developer Library 6.0 and 6.0.1, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2012-2162 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 and earlier uses unencrypted HTTP communication after expiration of the plugin-key.kdb password, which allows remote attackers to obtain sensitive information by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
CVE-2012-2163 1 Ibm 1 Scale Out Network Attached Storage 2025-04-11 N/A
IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 allows remote authenticated administrators to execute arbitrary Linux commands via the (1) Command Line Interface or (2) Graphical User Interface, related to a "code injection" issue.
CVE-2012-2164 1 Ibm 1 Rational Clearquest 2025-04-11 N/A
The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to bypass intended access restrictions, and use the Site Administration menu to modify system settings, via a parameter-tampering attack.
CVE-2012-2169 1 Ibm 1 Rational Clearquest 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field.
CVE-2012-2172 1 Ibm 18 Ds4100, Ds4200, Ds4300 and 15 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter.
CVE-2012-2174 1 Ibm 1 Lotus Notes 2025-04-11 N/A
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.
CVE-2012-2176 1 Ibm 1 Lotus Quickr 2025-04-11 N/A
Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method.
CVE-2012-2177 1 Ibm 1 Cognos Business Intelligence 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature.
CVE-2012-2183 1 Ibm 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more 2025-04-11 N/A
Session fixation vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-2184 1 Ibm 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more 2025-04-11 N/A
Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors.
CVE-2012-2185 1 Ibm 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more 2025-04-11 N/A
IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2012-2187 1 Ibm 4 Remote Supervisor Adapter Ii Firmware, X3650, X3850 and 1 more 2025-04-11 N/A
IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, and x3950 M2 1.13 and earlier generates weak RSA keys, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
CVE-2012-2188 1 Ibm 2 Power Hardware Management Console Firmware, Systems Director Management Console Firmware 2025-04-11 N/A
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
CVE-2012-2190 1 Ibm 1 Websphere Application Server 2025-04-11 N/A
IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol.
CVE-2012-2191 1 Ibm 3 Global Security Kit, Rational Directory Server, Tivoli Directory Server 2025-04-11 N/A
IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM Rational Directory Server, IBM Tivoli Directory Server, and other products, does not properly validate data during execution of a protection mechanism against the Vaudenay SSL CBC timing attack, which allows remote attackers to cause a denial of service (application crash) via crafted values in the TLS Record Layer, a different vulnerability than CVE-2012-2333.
CVE-2012-2192 1 Ibm 2 Aix, Vios 2025-04-11 N/A
The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.1.4-FP-25 SP-02 allows local users to cause a denial of service (system crash) via a crafted application that leverages the presence of a socket on the free list.
CVE-2012-2196 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
CVE-2012-2199 2 Ibm, Oracle 2 Websphere Mq, Solaris 2025-04-11 N/A
The server message channel agent in the queue manager in the server in IBM WebSphere MQ 7.0.1 before 7.0.1.9, 7.1, and 7.5 on Solaris allows remote attackers to cause a denial of service (invalid address alignment exception and daemon crash) via vectors involving a multiplexed channel.
CVE-2012-2202 1 Ibm 3 Lotus Protector For Mail Security, Proventia Network Mail Security System, Proventia Network Mail Security System Firmware 2025-04-11 N/A
Directory traversal vulnerability in javatester_init.php in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the template parameter.