| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2010-4623 | 399 | | DoS | 2010-12-30 | 2011-01-11 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before 6.1.1-TIV-AWS-FP0001 allows remote authenticated users to cause a denial of service (worker thread consumption) via shift-reload actions. |
|
| 2 | CVE-2010-4603 | | | DoS | 2010-12-29 | 2011-01-11 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 does not prevent modification of back-reference fields, which allows remote authenticated users to interfere with intended record relationships, and possibly cause a denial of service (loop) or have unspecified other impact, by (1) adding or (2) removing a back reference. |
|
| 3 | CVE-2010-4594 | 399 | | DoS | 2010-12-22 | 2010-12-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly process TCP connection requests, which allows remote attackers to cause a denial of service (memory consumption and HTTP-AS hang) by making many connection requests that trigger "queue size delta errors," related to a "timing hole" issue. |
|
| 4 | CVE-2010-4593 | 399 | | DoS | 2010-12-22 | 2011-01-11 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does not properly maintain a certain reference count, which allows remote authenticated users to cause a denial of service (IP address exhaustion) by making invalid attempts to establish sessions with the same VPN ID from multiple devices. |
|
| 5 | CVE-2010-4592 | 399 | | DoS | 2010-12-22 | 2011-01-11 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The Mobile Network Connections functionality in the Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when HTTP Access Services (HTTP-AS) is enabled, does not properly handle failed attempts at establishing HTTP-TCP sessions, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) by making many TCP connection attempts. |
|
| 6 | CVE-2010-4553 | 20 | | DoS | 2010-12-16 | 2010-12-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. |
|
| 7 | CVE-2010-4552 | 399 | | DoS | 2010-12-16 | 2010-12-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients. |
|
| 8 | CVE-2010-4551 | | | DoS | 2010-12-16 | 2010-12-17 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation. |
|
| 9 | CVE-2010-4550 | 20 | | DoS | 2010-12-16 | 2010-12-17 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document. |
|
| 10 | CVE-2010-4548 | 20 | | DoS | 2010-12-16 | 2010-12-17 | 2.1 | None | Remote | High | Single system | None | None | Partial |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. |
|
| 11 | CVE-2010-4545 | 399 | | DoS | 2010-12-16 | 2010-12-17 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. |
|
| 12 | CVE-2010-4217 | 399 | | DoS | 2010-11-09 | 2010-11-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Use-after-free vulnerability in the proxy server in IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 and 6.1.x before 6.1.0-TIV-ITDS-FP0005 allows remote attackers to cause a denial of service (daemon crash) via an unbind request that occurs during a certain search operation. |
|
| 13 | CVE-2010-4216 | 119 | | DoS Overflow | 2010-11-09 | 2010-11-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM Tivoli Directory Server (TDS) 6.0.0.x before 6.0.0.8-TIV-ITDS-IF0007 does not properly handle invalid buffer references in LDAP BER requests, which might allow remote attackers to cause a denial of service (daemon crash) via vectors involving a buffer that has a memory address near the maximum possible address. |
|
| 14 | CVE-2010-4070 | 189 | | DoS Exec Code Overflow Mem. Corr. | 2010-10-25 | 2010-10-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308. |
|
| 15 | CVE-2010-4057 | 189 | 1 | DoS | 2010-10-23 | 2010-10-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing many integer fields with two different values, which allows remote attackers to cause a denial of service (invalid memory access and daemon crash) via a TCP session on port 1315. |
|
| 16 | CVE-2010-4056 | | 1 | DoS | 2010-10-23 | 2010-10-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform a recursive call to a certain function upon receiving packet data containing a single integer field, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TCP session on port 1315. |
|
| 17 | CVE-2010-4055 | 399 | 1 | DoS | 2010-10-23 | 2010-10-25 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 and earlier allows remote attackers to cause a denial of service (memory consumption and daemon crash) by connecting to TCP port 1315 and sending a packet with many integer fields, which trigger many recursive calls of a certain function. |
|
| 18 | CVE-2010-3899 | 399 | 1 | DoS | 2010-11-12 | 2010-12-01 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service (infinite loop) via a crafted series of documents. |
|
| 19 | CVE-2010-3760 | 399 | | DoS | 2010-10-05 | 2010-10-06 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly handle a certain failure to allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash, and recovery failure) by specifying a large size value within TCP packet data. NOTE: this might overlap CVE-2010-3061. |
|
| 20 | CVE-2010-3756 | 20 | | DoS | 2010-10-05 | 2010-10-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. NOTE: this might overlap CVE-2010-3060. |
|
| 21 | CVE-2010-3755 | 399 | | DoS | 2010-10-05 | 2010-10-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via data in a TCP packet. NOTE: this might overlap CVE-2010-3060. |
|
| 22 | CVE-2010-3740 | 399 | | DoS | 2010-10-05 | 2012-01-26 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. |
|
| 23 | CVE-2010-3737 | 399 | | DoS | 2010-10-05 | 2012-01-26 | 3.5 | None | Remote | Medium | Single system | None | None | Partial |
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. |
|
| 24 | CVE-2010-3736 | 399 | | DoS | 2010-10-05 | 2012-01-26 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. |
|
| 25 | CVE-2010-3735 | 399 | | DoS | 2010-10-05 | 2012-01-26 | 2.1 | None | Remote | High | Single system | None | None | Partial |
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. |
|
| 26 | CVE-2010-3732 | 20 | | DoS | 2010-10-05 | 2012-01-26 | 3.5 | None | Remote | Medium | Single system | None | None | Partial |
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. |
|
| 27 | CVE-2010-3196 | 264 | | DoS | 2010-08-31 | 2012-01-26 | 3.5 | None | Remote | Medium | Single system | None | None | Partial |
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. |
|
| 28 | CVE-2010-3195 | | | DoS | 2010-08-31 | 2012-01-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." |
|
| 29 | CVE-2010-3061 | | | DoS | 2010-08-20 | 2010-08-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the message-protocol implementation in the Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (recovery failure), and possibly trigger loss of data, via unknown vectors. |
|
| 30 | CVE-2010-3060 | | | DoS | 2010-08-20 | 2010-08-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in the message-protocol implementation in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors. |
|
| 31 | CVE-2010-3058 | 399 | | DoS Exec Code | 2010-08-20 | 2010-08-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x before 5.5.7, and 6.1.0.0, establishes an open UDP port, which might allow remote attackers to overwrite memory locations and execute arbitrary code, or cause a denial of service (application hang), via unspecified vectors. |
|
| 32 | CVE-2010-2927 | 287 | | DoS | 2010-08-02 | 2010-08-12 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS-IF0006 allows remote attackers to cause a denial of service (daemon crash) via multiple incomplete DIGEST-MD5 connection attempts. |
|
| 33 | CVE-2010-2638 | 399 | | DoS | 2010-11-15 | 2010-12-01 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value. |
|
| 34 | CVE-2010-2328 | | | DoS | 2010-06-18 | 2010-06-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (NullPointerException) via a large amount of chunked data that uses gzip compression. |
|
| 35 | CVE-2010-2327 | 20 | | DoS | 2010-06-18 | 2010-06-21 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11, as used in IBM WebSphere Application Server (WAS) on z/OS, does not properly handle a large HTTP request body in uploading over SSL, which might allow remote attackers to cause a denial of service (daemon fail) via an upload. |
|
| 36 | CVE-2010-2090 | 20 | | DoS | 2010-05-27 | 2010-05-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. |
|
| 37 | CVE-2010-1612 | | | DoS | 2010-04-29 | 2010-05-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The IBM WebSphere DataPower XML Accelerator XA35, Low Latency Appliance XM70, Integration Appliance XI50, B2B Appliance XB60, and XML Security Gateway XS40 SOA Appliances before 3.8.0.0, when a QLOGIC Ethernet interface is used, allow remote attackers to cause a denial of service (interface outage) via malformed ICMP packets to the 0.0.0.0 destination IP address. |
|
| 38 | CVE-2010-1560 | 119 | | DoS Overflow | 2010-04-27 | 2012-01-26 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462. |
|
| 39 | CVE-2010-1460 | 399 | | DoS | 2010-04-16 | 2010-06-07 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data. |
|
| 40 | CVE-2010-1124 | | | DoS | 2010-03-26 | 2010-03-29 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading a certain address field after a successful getaddrinfo function call, which allows context-dependent attackers to cause a denial of service (application crash) via unspecified vectors, as demonstrated by IBM DB2 crashes on "systems with databases cataloged with alternate servers using IP addresses." |
|
| 41 | CVE-2010-0922 | | | DoS | 2010-03-03 | 2010-03-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP 5300-11-02 allows attackers to cause a denial of service (LDAP login failure) via unknown vectors. NOTE: some of these details are obtained from third party information. NOTE: there may be no attacker role, and the issue may be triggered entirely by an administrator's installation of an official service pack. |
|
| 42 | CVE-2010-0786 | 20 | | DoS | 2010-11-09 | 2010-11-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Web Services Security component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 does not properly implement the Java API for XML Web Services (aka JAX-WS), which allows remote attackers to cause a denial of service (data corruption) via a crafted JAX-WS request that leads to incorrectly encoded data. |
|
| 43 | CVE-2010-0781 | | | DoS | 2010-09-21 | 2010-11-11 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Unspecified vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted URL. |
|
| 44 | CVE-2010-0776 | 20 | | DoS | 2010-05-17 | 2010-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The Web Container in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 does not properly handle chunked transfer encoding during a call to response.sendRedirect, which allows remote attackers to cause a denial of service via a GET request. |
|
| 45 | CVE-2010-0775 | 399 | | DoS | 2010-05-17 | 2010-05-18 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.11 allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a crafted request, related to the nodeagent and Deployment Manager components. |
|
| 46 | CVE-2010-0772 | | | DoS | 2010-04-27 | 2010-05-19 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Unspecified vulnerability in the channel process in IBM WebSphere MQ 7.0 before 7.0.1.2 allows remote authenticated users to cause a denial of service (daemon crash) via "incorrect channel control data." |
|
| 47 | CVE-2010-0770 | 399 | | DoS | 2010-04-01 | 2010-04-02 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote authenticated users to cause a denial of service (ORB ListenerThread hang) by aborting an SSL handshake. |
|
| 48 | CVE-2010-0557 | 255 | | DoS | 2010-02-05 | 2010-02-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
IBM Cognos Express 9.0 allows attackers to obtain unspecified access to the Tomcat Manager component, and cause a denial of service, by leveraging hardcoded credentials. |
|
| 49 | CVE-2010-0472 | | | DoS | 2010-02-02 | 2012-01-26 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence. |
|
| 50 | CVE-2010-0358 | 119 | | DoS Overflow | 2010-01-20 | 2011-04-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different vulnerability than CVE-2009-3087. |