Vulnerabilities > IBM > Domino > 8.5.1

DATE CVE VULNERABILITY TITLE RISK
2015-06-28 CVE-2015-1981 Cross-site Scripting vulnerability in IBM Domino
Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYH9WYPR5.
network
high complexity
ibm CWE-79
2.1
2.1
2015-05-20 CVE-2015-1903 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.
network
low complexity
ibm CWE-119
critical
 10.0
10
2015-05-20 CVE-2015-1902 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.
network
low complexity
ibm CWE-119
critical
 10.0
10
2015-04-21 CVE-2015-0135 Numeric Errors vulnerability in IBM Domino
IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9.
network
low complexity
ibm CWE-189
critical
 10.0
10
2015-04-06 CVE-2015-0179 Permissions, Privileges, and Access Controls vulnerability in IBM Domino
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
local
low complexity
ibm CWE-264
7.2
7.2
2015-04-06 CVE-2015-0134 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Domino
Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
ibm CWE-119
critical
 10.0
10
2015-04-06 CVE-2015-0117 Arbitrary Code Execution vulnerability in IBM Domino
The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, aka SPR KLYH9SLRGM.
network
low complexity
ibm
critical
 10.0
10