CVE-2013-2977
https://notcve.org/view.php?id=CVE-2013-2977
Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q. Desbordamiento de entero en IBM Notes v8.5.x anterior a v8.5.3 FP4 Interim Fix 1 y v9.x anterior a v9.0 Interim Fix 1 en Windows, y v8.5.x anterior a v8.5.3 FP5 y v9.x anterior a v9.0.1 en Linux, permite a atacantes remotos ejecutar código arbitrario a través de una imagen PNG malformada en la previsualización de un mensaje de correo electrónico, también conocido como SPR NPEI96K82Q. • https://github.com/defrancescojp/CVE-2013-2977 http://www-01.ibm.com/support/docview.wss?uid=swg21635878 https://exchange.xforce.ibmcloud.com/vulnerabilities/83967 • CWE-189: Numeric Errors •
CVE-2013-0538
https://notcve.org/view.php?id=CVE-2013-0538
Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49. Vulnerabilidad XSS en IBM Lotus Notes 8.x anterior a 8.5.3 FP4 Interim Fix 1 y 9.0 anterior a Interim Fix 1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un elementro SCRIPT en un correo electrónico HTML. Aka SPRs JMOY95BLM6 y JMOY95BN49. • http://www-01.ibm.com/support/docview.wss?uid=swg21633819 http://www.kb.cert.org/vuls/id/912420 https://exchange.xforce.ibmcloud.com/vulnerabilities/83270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-0127
https://notcve.org/view.php?id=CVE-2013-0127
IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49. IBM Lotus Notes v8.x anterior a v8.5.3 FP4 Interim Fix v1 y v9.0 anterior a Interim Fix 1 no bloquea elementos APPLET en correos HTML, lo cual permite a atacantes remotos eludir restricciones de ejecución de código Java y funcionalidades X-Confirm-Reading-To a través de un mensaje manipulado, también conocido como SPRs JMOY95BLM6 y JMOY95BN49. • http://seclists.org/fulldisclosure/2013/Apr/262 http://www-01.ibm.com/support/docview.wss?uid=swg21633819 http://www.kb.cert.org/vuls/id/912420 https://exchange.xforce.ibmcloud.com/vulnerabilities/83775 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4821 – JDK: getDeclaredMethods() and setAccessible() code execution
https://notcve.org/view.php?id=CVE-2012-4821
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods. Múltiples vulnerabilidades no especificadas en el componente JRE en IBM Java 7 SR2 y anteriores, Java v6.0.1 SR3 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores; como las usadas en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, y Service Deliver Manager; y otros productos de otros vendedores como Red Hat, permite a atacantes remotos a ejecutar código través de vectores relacionados con "uso inseguro" de métodos (1) java.lang.Class getDeclaredMethods o (2) java.lang.reflect.AccessibleObject setAccessible(). • http://rhn.redhat.com/errata/RHSA-2012-1467.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29659 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http://www-01.ibm.com/support/docview.wss?uid=swg21615800 http://www-01.ibm.com/support/docview.wss?uid=swg21616490 http://www-01.ibm.com/support/docview.wss? •
CVE-2012-4823 – JDK: java.lang.ClassLoder defineClass() code execution
https://notcve.org/view.php?id=CVE-2012-4823
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method." Una vulnerabilidad no especificada en el componente JRE de IBM Java 7 SR2 y anteriores, SR3 Java v6.0.1 y anteriores, Java 6 SR11 y anteriores, Java 5 SR14 y anteriores, y Java 142 SR13 FP13 y anteriores, tal y como se utiliza en IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control v5.1.2, WebSphere Real Time, Lotus Notes y Domino, Tivoli Storage Productivity Center y Service Deliver Manager y otros productos de otros fabricantes tales como Red Hat, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con el "uso inseguro del método defineClass java.lang.ClassLoder()." • http://rhn.redhat.com/errata/RHSA-2012-1466.html http://rhn.redhat.com/errata/RHSA-2012-1467.html http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://seclists.org/bugtraq/2012/Sep/38 http://secunia.com/advisories/51326 http://secunia.com/advisories/51327 http://secunia.com/advisories/51634 http://www-01.ibm.com/support/docview.wss?uid=swg1IV29687 http://www-01.ibm.com/support/docview.wss?uid=swg21615705 http •