CVE-2014-3086 – JDK: Privilege escalation issue
https://notcve.org/view.php?id=CVE-2014-3086
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. Vulnerabilidad no especificada en IBM Java Virtual Machine, utilizado en IBM WebSphere Real Time 3 anterior a Service Refresh 7 FP1 y otros productos, permite a atacantes remotos ganar privilegios mediante el aprovechamiento de la habilidad de ejecutar código en el contexto de un gestor de seguridad. • http://secunia.com/advisories/59680 http://secunia.com/advisories/60081 http://secunia.com/advisories/60317 http://secunia.com/advisories/60622 http://secunia.com/advisories/61577 http://secunia.com/advisories/61640 http://www-01.ibm.com/support/docview.wss?uid=swg1IV62634 http://www-01.ibm.com/support/docview.wss?uid=swg21680333 http://www-01.ibm.com/support/docview.wss?uid=swg21680334 http://www-01.ibm.com/support/docview.wss?uid=swg21686383 http://www-01.ibm.com/ • CWE-266: Incorrect Privilege Assignment •
CVE-2014-0913
https://notcve.org/view.php?id=CVE-2014-0913
Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via an e-mail message, aka SPR BFEY9GXHZE. Vulnerabilidad de XSS en IBM iNotes y Domino 8.5.3 FP6 anterior a IF2 y 9.0.1 anterior a FP1 permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarios a través de un mensaje de e-mail, también conocido como SPR BFEY9GXHZE. • http://www-01.ibm.com/support/docview.wss?uid=swg21671981 http://www.securitytracker.com/id/1030215 https://exchange.xforce.ibmcloud.com/vulnerabilities/91880 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-0892
https://notcve.org/view.php?id=CVE-2014-0892
IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by leveraging the absence of the NX protection mechanism and placing crafted x86 code on the stack, aka SPR KLYH9GGS9W. IBM Notes y Domino 8.5.x anterior a 8.5.3 FP6 IF3 y 9.x anterior a 9.0.1 FP1 en plataformas de 32-bit de Linux utilizan opciones gcc incorrectas, lo que facilita a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de la ausencia del mecanismo de protección NX y la colocación de código x86 manipulado en la pila, también conocido como SPR KLYH9GGS9W. • http://www-01.ibm.com/support/docview.wss?uid=swg21670264 http://www.kb.cert.org/vuls/id/350089 https://exchange.xforce.ibmcloud.com/vulnerabilities/91286 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-0822
https://notcve.org/view.php?id=CVE-2014-0822
The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. El servidor IMAP en IBM Domino 8.5.x anterior a 8.5.3 FP6 IF1 y 9.0.x anterior a 9.0.1 FP1 permite a atacantes remotos causar una denegación de servicio (caída del demonio) a través de vectores no especificados, también conocido como SPR KLYH9F4S2Z. • http://osvdb.org/102912 http://secunia.com/advisories/56791 http://www-01.ibm.com/support/docview.wss?uid=swg21663023 https://exchange.xforce.ibmcloud.com/vulnerabilities/90235 •
CVE-2013-6749 – IBM Lotus Quickr ActiveX Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-6749
Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr for Domino 8.5.1 before 8.5.1.42-001b allows remote attackers to execute arbitrary code via a crafted HTML document, a different vulnerability than CVE-2013-6748. Desbordamiento de buffer en el control ActiveX en qp2.cab en IBM Lotus Quickr para Domino 8.5.1 en versiones anteriores a 8.5.1.42-001b permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML manipulado, una vulnerabilidad diferente a CVE-2013-6748. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Quickr for Domino. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within an ActiveX control included in QP2.dll. The specific flaw is a stack buffer overflow in a vulnerable function in the control. • http://osvdb.org/102598 http://secunia.com/advisories/56696 http://www.ibm.com/support/docview.wss?uid=swg21662653 http://www.securityfocus.com/bid/65193 https://exchange.xforce.ibmcloud.com/vulnerabilities/89865 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •