# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2016-6113 |
79 |
|
XSS |
2017-02-01 |
2017-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
2 |
CVE-2016-6087 |
20 |
|
|
2017-06-07 |
2017-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. IBM X-Force ID: 117918. |
3 |
CVE-2016-5884 |
79 |
|
XSS |
2017-02-01 |
2017-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
4 |
CVE-2016-5882 |
79 |
|
XSS |
2017-02-01 |
2017-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
5 |
CVE-2016-5880 |
79 |
|
XSS |
2017-02-01 |
2017-07-27 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
6 |
CVE-2016-2939 |
79 |
|
XSS |
2017-02-01 |
2017-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
7 |
CVE-2016-2938 |
79 |
|
XSS |
2017-02-01 |
2017-07-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
8 |
CVE-2016-0304 |
284 |
|
Exec Code Bypass |
2016-06-28 |
2016-06-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, aka SPR KLYHA7MM3J. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-0920. |
9 |
CVE-2016-0301 |
119 |
|
Exec Code Overflow |
2016-06-26 |
2016-07-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0279. |
10 |
CVE-2016-0279 |
284 |
|
Exec Code Overflow |
2016-06-26 |
2016-07-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0278, and CVE-2016-0301. |
11 |
CVE-2016-0278 |
284 |
|
Exec Code Overflow |
2016-06-26 |
2017-11-14 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0277, CVE-2016-0279, and CVE-2016-0301. |
12 |
CVE-2016-0277 |
284 |
|
Exec Code Overflow |
2016-06-26 |
2016-07-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2016-0278, CVE-2016-0279, and CVE-2016-0301. |
13 |
CVE-2015-5040 |
119 |
|
DoS Exec Code Overflow |
2015-10-29 |
2016-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash) via a crafted GIF image, aka SPRs KLYH9ZDKRE and KLYH9ZTLEZ, a different vulnerability than CVE-2015-4994. |