CVE-2015-0134 – IBM Lotus Domino SSL2 Client Master Key Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0134
Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer en la implementación SSLv2 en IBM Domino 8.5.x anterior a 8.5.1 FP5 IF3, 8.5.2 anterior a FP4 IF3, 8.5.3 anterior a FP6 IF6, 9.0 anterior a IF7, y 9.0.1 anterior a FP2 IF3 permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino. Authentication is not required to exploit this vulnerability. The flaw exists within the nldap.exe component which listens by default on TCP port 636. When handling Client Master Key Message packets, the process blindly copies attacker supplied data into an undersized buffer. • http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-0117 – IBM Lotus Domino LDAP ModifyRequest add Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0117
The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM. El servidor LDAP en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF6 y 9.x anterior a 9.0.1 FP3 IF1 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, también conocido como SPR KLYH9SLRGM. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Domino. Authentication is not required to exploit this vulnerability. The specific flaw exists within LDAP handling functionality which listens by default on TCP port 389. The vulnerable code blindly copies attacker supplied data from a specially formatted LDAP ModifyRequest packet to a fixed length stack buffer. • http://www-01.ibm.com/support/docview.wss?uid=swg21700029 http://www.securitytracker.com/id/1032027 •
CVE-2014-3086 – JDK: Privilege escalation issue
https://notcve.org/view.php?id=CVE-2014-3086
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. Vulnerabilidad no especificada en IBM Java Virtual Machine, utilizado en IBM WebSphere Real Time 3 anterior a Service Refresh 7 FP1 y otros productos, permite a atacantes remotos ganar privilegios mediante el aprovechamiento de la habilidad de ejecutar código en el contexto de un gestor de seguridad. • http://secunia.com/advisories/59680 http://secunia.com/advisories/60081 http://secunia.com/advisories/60317 http://secunia.com/advisories/60622 http://secunia.com/advisories/61577 http://secunia.com/advisories/61640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634 http://www-01.ibm.com/support/docview.wss?uid=swg21680333 http://www-01.ibm.com/support/docview.wss?uid=swg21680334 http://www-01.ibm.com/support/docview.wss?uid=swg21686383 http://www-01.ibm.com/ • CWE-266: Incorrect Privilege Assignment •
CVE-2014-0913
https://notcve.org/view.php?id=CVE-2014-0913
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE. Vulnerabilidad de XSS en IBM iNotes y Domino 8.5.3 FP6 anterior a IF2 y 9.0.1 anterior a FP1 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a través de un mensaje de e-mail, también conocido como SPR BFEY9GXHZE. • http://www-01.ibm.com/support/docview.wss?uid=swg21671981 http://www.securitytracker.com/id/1030215 https://exchange.xforce.ibmcloud.com/vulnerabilities/91880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0892
https://notcve.org/view.php?id=CVE-2014-0892
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W. IBM Notes y Domino 8.5.x anterior a 8.5.3 FP6 IF3 y 9.x anterior a 9.0.1 FP1 en plataformas de 32-bit de Linux utilizan opciones gcc incorrectas, lo que facilita a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de la ausencia del mecanismo de protección NX y la colocación de código x86 manipulado en la pila, también conocido como SPR KLYH9GGS9W. • http://www-01.ibm.com/support/docview.wss?uid=swg21670264 http://www.kb.cert.org/vuls/id/350089 https://exchange.xforce.ibmcloud.com/vulnerabilities/91286 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •