CVSS: 8.4EPSS: 0%CPEs: 19EXPL: 0CVE-2018-1771
https://notcve.org/view.php?id=CVE-2018-1771
20 Dec 2018 — IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687. IBM Domino 9.0 y 9.0.1 podría permitir que un atacante ejecute comandos en el sistema desencadenando un desbordamiento de búfer en el análisis de los argumentos de la línea de comandos que se pasan a nsd.exe. IBM X-Force ID: 148687. • https://exchange.xforce.ibmcloud.com/vulnerabilities/148687 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2016-6087
https://notcve.org/view.php?id=CVE-2016-6087
07 Jun 2017 — IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. IBM Domino versiones 8.5 y 9.0 podría permitir a un atacante robar credenciales utilizando varias sesiones y grandes cantidades de datos mediante la validación de Domino TLS Key Exchange. IBM X-Force ID: 117918. • http://www.ibm.com/support/docview.wss?uid=swg22002808 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 17%CPEs: 5EXPL: 2CVE-2017-1274 – Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
https://notcve.org/view.php?id=CVE-2017-1274
25 Apr 2017 — IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. IBM Domino versiones 8.5.3 y 9.0 es vulnerable a desbordamiento basado en pila en el servicio IMAP lo que podría permitir a un atacante autenticado ejecutar código arbitrario especificando un nombre largo de buzón. IBM X-Force ID: 124749. • https://packetstorm.news/files/id/152786 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2016-2938
https://notcve.org/view.php?id=CVE-2016-2938
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2016-2939
https://notcve.org/view.php?id=CVE-2016-2939
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 51EXPL: 0CVE-2016-5880
https://notcve.org/view.php?id=CVE-2016-5880
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2016-5882
https://notcve.org/view.php?id=CVE-2016-5882
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2016-5884
https://notcve.org/view.php?id=CVE-2016-5884
01 Feb 2017 — IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM iNotes es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales den... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 51EXPL: 0CVE-2016-6113
https://notcve.org/view.php?id=CVE-2016-6113
01 Feb 2017 — IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Verse es vulnerable a las secuencias de comandos de sitios cruzados. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la IU Web alterando así la funcionalidad prevista que potencialmente conduce a la divulgación de credenciales dentr... • http://www.ibm.com/support/docview.wss?uid=swg21992835 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 1%CPEs: 25EXPL: 0CVE-2016-0304
https://notcve.org/view.php?id=CVE-2016-0304
29 Jun 2016 — The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920. La Consola de Java en IBM Domino 8.5.x en versiones anteriores a 8.5.3 FP6 IF13 y 9.x en versiones anteriores a 9.0.1 FP6, cuando se util... • http://www-01.ibm.com/support/docview.wss?uid=swg21983328 • CWE-284: Improper Access Control •