CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2020-14244
https://notcve.org/view.php?id=CVE-2020-14244
14 Dec 2020 — A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. Una vulnerabilidad en el manejo de mensajes MIME del servidor Domino (versiones 9 y 10) podría potencialmente ser explotada por un atacante no autenticado, resultando en un desbordamien... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085761 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-14260
https://notcve.org/view.php?id=CVE-2020-14260
02 Dec 2020 — HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. HCL Domino es susceptible a una vulnerabilidad de desbordamiento de búfer en DXL debido a una comprobación inapropiada de la entrada de usuario. Una explotación con éxito podría permitir a un atacante bloquear Domino o ejecutar código controlado por un atacante en el sistema d... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085500 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4128
https://notcve.org/view.php?id=CVE-2020-4128
01 Dec 2020 — HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. HCL Domino, es susceptible a una vulnerabilidad de omisión de políticas de bloqueo en el servicio ID Vault. Un atacante no autenticado podría usar esta vulnerabilidad para montar un ataque de fuerza bruta contra el servicio ID Vault • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085408 •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2020-14230
https://notcve.org/view.php?id=CVE-2020-14230
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio causada por una comprobación inapropiada de la entrada suministrada por el usuario. Un atacante remoto no au... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085303 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2020-14234
https://notcve.org/view.php?id=CVE-2020-14234
21 Nov 2020 — HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. HCL Domino es susceptible a una vulnerabilidad de Denegación de Servicio debido a una comprobación inapropiada de la entrada suministrada por el usuario, dándole potencialmente al atacante la capacidad de bloquear el servidor. Versiones anteriores a ve... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0085302 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1712
https://notcve.org/view.php?id=CVE-2017-1712
01 Jul 2020 — "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions." "Una vulnerabilidad en la implementación del protocolo TLS del servidor Domino podría permitir a un atac... • https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080545 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.4EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1771
https://notcve.org/view.php?id=CVE-2018-1771
20 Dec 2018 — IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687. IBM Domino 9.0 y 9.0.1 podría permitir que un atacante ejecute comandos en el sistema desencadenando un desbordamiento de búfer en el análisis de los argumentos de la línea de comandos que se pasan a nsd.exe. IBM X-Force ID: 148687. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2016-6087
https://notcve.org/view.php?id=CVE-2016-6087
07 Jun 2017 — IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. IBM Domino versiones 8.5 y 9.0 podría permitir a un atacante robar credenciales utilizando varias sesiones y grandes cantidades de datos mediante la validación de Domino TLS Key Exchange. IBM X-Force ID: 117918. • http://www.ibm.com/support/docview.wss?uid=swg22002808 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 17%CPEs: 5EXPL: 2CVE-2017-1274 – Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
https://notcve.org/view.php?id=CVE-2017-1274
25 Apr 2017 — IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. IBM Domino versiones 8.5.3 y 9.0 es vulnerable a desbordamiento basado en pila en el servicio IMAP lo que podría permitir a un atacante autenticado ejecutar código arbitrario especificando un nombre largo de buzón. IBM X-Force ID: 124749. • https://packetstorm.news/files/id/152786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0270
https://notcve.org/view.php?id=CVE-2016-0270
08 Feb 2017 — IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue. IBM ... • http://www-01.ibm.com/support/docview.wss?uid=swg21979604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •