Domino
Sign in to watchby IBM
CVEs (16)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-1274 | Hig | 0.62 | 8.8 | 0.18 | Apr 25, 2017 | IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. IBM X-Force ID: 124749. | |
| CVE-2016-0304 | Hig | 0.53 | 8.1 | 0.01 | Jun 29, 2016 | The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920. | |
| CVE-2016-0278 | Hig | 0.51 | 7.8 | 0.02 | Jun 26, 2016 | Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. | |
| CVE-2016-0277 | Hig | 0.51 | 7.8 | 0.02 | Jun 26, 2016 | Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301. | |
| CVE-2016-6113 | Med | 0.40 | 6.1 | 0.00 | Feb 1, 2017 | IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
| CVE-2016-5884 | Med | 0.40 | 6.1 | 0.00 | Feb 1, 2017 | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |
| CVE-2015-1903 | 0.03 | — | 0.34 | May 20, 2015 | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. | ||
| CVE-2015-1902 | 0.03 | — | 0.34 | May 20, 2015 | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. | ||
| CVE-2015-0135 | 0.03 | — | 0.32 | Apr 21, 2015 | IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9. | ||
| CVE-2015-0179 | 0.03 | — | 0.01 | Apr 6, 2015 | Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. | ||
| CVE-2015-0134 | 0.02 | — | 0.29 | Apr 6, 2015 | Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2015-0117 | 0.02 | — | 0.22 | Apr 6, 2015 | The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM. | ||
| CVE-2015-5040 | 0.00 | — | 0.02 | Oct 29, 2015 | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994. | ||
| CVE-2015-4994 | 0.00 | — | 0.02 | Oct 29, 2015 | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-5040. | ||
| CVE-2015-2015 | 0.00 | — | 0.00 | Aug 23, 2015 | Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH8WBPRN. | ||
| CVE-2015-1981 | 0.00 | — | 0.00 | Jun 28, 2015 | Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5. |