Skip to main content

Domino

44 CVEs product

Monthly

CVE-2024-23562 HIGH This Week

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28010 MEDIUM This Month

In some configuration scenarios, the Domino server host name can be exposed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2022-44754 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44752 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-44750 HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE Buffer Overflow Domino
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2022-38654 MEDIUM This Month

HCL Domino is susceptible to an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-38660 HIGH This Week

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Domino
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-27558 HIGH This Week

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Domino Hcl Inotes
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-27547 HIGH This Week

HCL iNotes is susceptible to a link to non-existent domain vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Hcl Inotes Domino
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2022-27546 MEDIUM This Month

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Inotes Domino
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2020-14273 HIGH POC This Week

HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Domino
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2020-14270 MEDIUM PATCH This Month

HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Domino
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-4080 MEDIUM PATCH This Month

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Domino
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-14244 CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Domino
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2020-14260 CRITICAL Act Now

HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Domino
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2020-4128 MEDIUM PATCH This Month

HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Authentication Bypass Domino
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2020-14234 HIGH PATCH This Week

HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Domino
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-14230 HIGH PATCH This Week

HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Domino
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2018-1771 HIGH PATCH This Week

IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Domino Notes
NVD
CVSS 3.0
7.8
EPSS
0.5%
CVE-2016-6087 CRITICAL PATCH Act Now

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft IBM Information Disclosure Domino
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2017-1274 HIGH POC THREAT Act Now

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

Buffer Overflow RCE IBM Domino
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
17.8%
CVE-2016-0270 MEDIUM PATCH This Month

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix IBM Information Disclosure Client Application Access Domino +1
NVD GitHub
CVSS 3.0
5.9
EPSS
0.5%
CVE-2016-6113 MEDIUM This Month

IBM Verse is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5884 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5882 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-5880 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
5.4
EPSS
0.3%
CVE-2016-2939 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-2938 MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino Inotes
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-0304 HIGH This Week

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM RCE Java Authentication Bypass Domino
NVD
CVSS 3.0
8.1
EPSS
1.1%
CVE-2016-0301 HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow Domino
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2016-0279 HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow Authentication Bypass Domino
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2016-0278 HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow Authentication Bypass Domino
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2016-0277 HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow Authentication Bypass Domino
NVD
CVSS 3.0
7.8
EPSS
1.9%
CVE-2015-5040 HIGH PATCH This Week

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service RCE Buffer Overflow Domino
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-4994 HIGH PATCH This Week

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service RCE Buffer Overflow Domino
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-2015 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Domino
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2015-2014 MEDIUM PATCH This Month

Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

IBM XSS Open Redirect Domino
NVD
CVSS 2.0
5.8
EPSS
0.2%
CVE-2015-1981 LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

IBM XSS Domino
NVD
CVSS 2.0
2.1
EPSS
0.3%
CVE-2015-1903 CRITICAL PATCH Act Now

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.0%.

IBM RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
34.0%
CVE-2015-1902 CRITICAL PATCH Act Now

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.0%.

IBM RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
34.0%
CVE-2015-0135 CRITICAL PATCH Act Now

IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 32.4%.

IBM RCE Denial Of Service Domino
NVD
CVSS 2.0
10.0
EPSS
32.4%
CVE-2015-0179 HIGH POC PATCH This Week

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Domino
NVD Exploit-DB
CVSS 2.0
7.2
EPSS
0.7%
CVE-2015-0134 CRITICAL PATCH Act Now

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.3%.

IBM RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
29.3%
CVE-2015-0117 CRITICAL PATCH Act Now

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.8%.

IBM Denial Of Service RCE Buffer Overflow Domino
NVD
CVSS 2.0
10.0
EPSS
21.8%
EPSS 0% CVSS 7.5
HIGH This Week

A security vulnerability in HCL Domino could allow disclosure of sensitive configuration information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In some configuration scenarios, the Domino server host name can be exposed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

HCL Domino is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption IBM RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HCL Domino is susceptible to an information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
EPSS 0% CVSS 8.8
HIGH This Week

HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Domino
NVD
EPSS 0% CVSS 7.5
HIGH This Week

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Domino +1
NVD
EPSS 0% CVSS 7.4
HIGH This Week

HCL iNotes is susceptible to a link to non-existent domain vulnerability. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Hcl Inotes Domino
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hcl Inotes Domino
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Domino
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Domino
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Domino
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Domino
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Domino
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Authentication Bypass Domino
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Domino
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Domino
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

IBM Buffer Overflow Domino +1
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials using multiple sessions and large amounts of data using Domino TLS Key Exchange validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft IBM Information Disclosure +1
NVD
EPSS 18% CVSS 8.8
HIGH POC THREAT Act Now

IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in the IMAP service that could allow an authenticated attacker to execute arbitrary code by specifying a large mailbox name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.8%.

Buffer Overflow RCE IBM +1
NVD Exploit-DB
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Citrix IBM Information Disclosure +3
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM This Month

IBM Verse is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

IBM iNotes is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Domino +1
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

IBM RCE Java +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in the KeyView PDF filter in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x before 9.0.1 FP6 allows remote attackers to execute arbitrary code via a crafted PDF document, a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

IBM RCE Buffer Overflow +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service RCE +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service RCE +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Domino
NVD
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

IBM XSS Open Redirect +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

IBM XSS Domino
NVD
EPSS 34% CVSS 10.0
CRITICAL PATCH Act Now

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.0%.

IBM RCE Buffer Overflow +1
NVD
EPSS 34% CVSS 10.0
CRITICAL PATCH Act Now

Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 34.0%.

IBM RCE Buffer Overflow +1
NVD
EPSS 32% CVSS 10.0
CRITICAL PATCH Act Now

IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 32.4%.

IBM RCE Denial Of Service +1
NVD
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available.

IBM Privilege Escalation Domino
NVD Exploit-DB
EPSS 29% CVSS 10.0
CRITICAL PATCH Act Now

Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.3%.

IBM RCE Buffer Overflow +1
NVD
EPSS 22% CVSS 10.0
CRITICAL PATCH Act Now

The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.8%.

IBM Denial Of Service RCE +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy