The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Lotus Domino

computer threat CVE-2014-0963

IBM GSKit: infinite loop of SSL

Synthesis of the vulnerability

An attacker can send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 20/05/2014.
Identifiers: 1610582, 1671732, 1672724, 1673008, 1673018, 1673666, 1673696, 1674047, 1674824, 1674825, 1681114, 7042179, CVE-2014-0963, VIGILANCE-VUL-14775.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The IBM Global Security Kit (GSKit) suite implements the support of SSL/TLS for several IBM applications.

However, some SSL messages generate an infinite loop in GSKit.

An attacker can therefore send malicious SSL/TLS messages to applications using IBM GSKit, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2014-0892

IBM Domino, Notes: code execution via Linux 32 bit

Synthesis of the vulnerability

An attacker can use a vulnerability of IBM Domino/Notes on Linux 32 bits, in order to execute code.
Severity: 2/4.
Creation date: 22/04/2014.
Identifiers: 1670264, CERTFR-2014-AVI-199, CVE-2014-0892, KLYH9GGS9W, VIGILANCE-VUL-14627, VU#350089.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The IBM Domino and Notes product can be installed on Linux 32 bits.

However, an attacker can inject code on this platform.

An attacker can therefore use a vulnerability of IBM Domino/Notes on Linux 32 bits, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

computer threat CVE-2013-6629 CVE-2013-6954 CVE-2014-0429

Oracle Java: multiple vulnerabilities of April 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 37.
Creation date: 16/04/2014.
Identifiers: 1680562, 1681114, 7014224, BID-64493, c04398922, c04398943, CERTFR-2014-AVI-185, CERTFR-2014-AVI-382, CERTFR-2014-AVI-480, CERTFR-2015-AVI-431, CERTFR-2016-AVI-300, cpuapr2014, CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428, DSA-2912-1, DSA-2923-1, ESA-2014-044, FEDORA-2014-5277, FEDORA-2014-5280, FEDORA-2014-5290, FEDORA-2014-5336, HPSBUX03091, HPSBUX03092, JSA10659, JSA10698, MDVSA-2014:100, openSUSE-SU-2014:1638-1, openSUSE-SU-2014:1645-1, RHSA-2014:0406-01, RHSA-2014:0407-01, RHSA-2014:0408-01, RHSA-2014:0412-01, RHSA-2014:0413-02, RHSA-2014:0414-01, RHSA-2014:0486-01, RHSA-2014:0508-01, RHSA-2014:0509-01, RHSA-2014:0675-01, RHSA-2014:0685-01, RHSA-2014:0982-01, SB10072, SSRT101667, SSRT101668, SUSE-SU-2014:0639-1, SUSE-SU-2014:0728-1, SUSE-SU-2014:0728-2, SUSE-SU-2014:0728-3, SUSE-SU-2014:0733-1, SUSE-SU-2014:0733-2, USN-2187-1, USN-2191-1, VIGILANCE-VUL-14599, VMSA-2014-0008, VU#650142, ZDI-14-102, ZDI-14-103, ZDI-14-104, ZDI-14-105, ZDI-14-114.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0429]

An attacker can use a vulnerability of Libraries ScriptEngineManager, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0457, ZDI-14-105]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0456, ZDI-14-114]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2421, ZDI-14-102]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2410]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2397]

An attacker can use a vulnerability of Libraries permuteArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0432, ZDI-14-104]

An attacker can use a vulnerability of Libraries DropArguments, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0455, ZDI-14-103]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0461]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0448]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2428]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2412]

An attacker can use a vulnerability of AWT, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0451]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0458]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2423]

An attacker can use a vulnerability of JAX-WS, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0452]

An attacker can use a vulnerability of JAXB, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2414]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2402]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0446]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-0454]

An attacker can use a vulnerability of Sound, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2427]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; CVE-2014-2422]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; CVE-2014-2409]

An attacker can use a vulnerability of JNDI, in order to obtain or alter information. [severity:2/4; CVE-2014-0460]

An attacker can create a malicious image, to dereference a NULL pointer in the png_do_expand_palette() function of libpng, in order to trigger a denial of service. (VIGILANCE-VUL-13989). [severity:2/4; BID-64493, CVE-2013-6954, VU#650142]

An attacker can use a vulnerability of AWT, in order to obtain information (VIGILANCE-VUL-18980). [severity:2/4; CVE-2013-6629]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; CVE-2014-0449]

An attacker can use a vulnerability of JAXP, in order to obtain information. [severity:2/4; CVE-2014-2403]

An attacker can use a vulnerability of 2D, in order to obtain information. [severity:2/4; CVE-2014-2401]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0463]

An attacker can use a vulnerability of Scripting, in order to obtain information. [severity:2/4; CVE-2014-0464]

An attacker can use a vulnerability of 2D, in order to trigger a denial of service. [severity:2/4; CVE-2014-0459]

An attacker can use a vulnerability of Libraries, in order to alter information. [severity:2/4; CVE-2014-2413]

An attacker can use a vulnerability of Security, in order to obtain or alter information. [severity:2/4; CVE-2014-0453]

An attacker can use a vulnerability of Javadoc, in order to alter information. [severity:1/4; CVE-2014-2398]

A local attacker can create a symbolic link named /tmp/unpack.log, in order to alter the pointed file, with privileges of unpack200 (VIGILANCE-VUL-14196). [severity:1/4; CVE-2014-1876]

An attacker can use a vulnerability of Deployment, in order to alter information. [severity:1/4; CVE-2014-2420]
Full Vigil@nce bulletin... (Free trial)

cybersecurity note CVE-2014-0050

Apache Tomcat: denial of service via Apache Commons FileUpload

Synthesis of the vulnerability

An attacker can use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.
Severity: 3/4.
Creation date: 06/02/2014.
Revision date: 13/02/2014.
Identifiers: 1667254, 1676656, 1680564, 1999395, 1999474, 1999478, 1999479, 1999488, 1999532, 2015814, BID-65400, c05324755, CERTFR-2014-AVI-200, CERTFR-2014-AVI-282, CERTFR-2014-AVI-368, CERTFR-2014-AVI-382, cpuoct2016, CVE-2014-0050, DSA-2856-1, DSA-2897-1, FEDORA-2014-2175, FEDORA-2014-2183, HPSBGN03669, MDVSA-2014:056, MDVSA-2015:084, openSUSE-SU-2014:0527-1, openSUSE-SU-2014:0528-1, RHSA-2014:0252-01, RHSA-2014:0253-01, RHSA-2014:0373-01, RHSA-2014:0400-03, RHSA-2014:0401-02, RHSA-2014:0429-01, RHSA-2014:0452-01, RHSA-2014:0459-01, RHSA-2014:0473-01, RHSA-2014:0525-01, RHSA-2014:0526-01, RHSA-2014:0527-01, RHSA-2014:0528-01, RHSA-2015:1009, SB10079, SOL15189, SUSE-SU-2014:0548-1, USN-2130-1, VIGILANCE-VUL-14183, VMSA-2014-0007, VMSA-2014-0007.1, VMSA-2014-0007.2, VMSA-2014-0008, VMSA-2014-0008.2, VMSA-2014-0012.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Apache Commons FileUpload component manages the file upload feature. It is included in Apache Tomcat.

The HTTP Content-Type header indicates the type of the query body. However, if the size of this header is larger than 4091 bytes, the fileupload/MultipartStream.java class indefinitely tries to store data in an array which is too short.

An attacker can therefore use a long Content-Type header, to generate an infinite loop in Apache Commons FileUpload or Apache Tomcat, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2014-0822

IBM Domino: denial of service via IMAP Server

Synthesis of the vulnerability

An attacker can generate an error in the IMAP server of IBM Domino, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 06/02/2014.
Identifiers: 1663023, BID-65427, CVE-2014-0822, SPR# KLYH9F4S2Z, VIGILANCE-VUL-14187.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The IMAP service can be installed on IBM Domino.

An attacker can generate an error in the IMAP server of IBM Domino, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2013-5870 CVE-2013-5878 CVE-2013-5884

Oracle Java: multiple vulnerabilities of January 2014

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Oracle Java.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 36.
Creation date: 15/01/2014.
Identifiers: 1663938, 1670264, 1671242, 1671245, 1674922, 1675938, 1679983, 4006386, 7014224, BID-64863, BID-64875, BID-64882, BID-64890, BID-64894, BID-64899, BID-64901, BID-64903, BID-64906, BID-64907, BID-64910, BID-64912, BID-64914, BID-64915, BID-64916, BID-64917, BID-64918, BID-64919, BID-64920, BID-64921, BID-64922, BID-64923, BID-64924, BID-64925, BID-64926, BID-64927, BID-64928, BID-64929, BID-64930, BID-64931, BID-64932, BID-64933, BID-64934, BID-64935, BID-64936, BID-64937, c04166777, c04166778, CERTA-2014-AVI-030, CERTFR-2014-AVI-199, CERTFR-2014-AVI-480, CERTFR-2016-AVI-300, cpujan2014, CVE-2013-5870, CVE-2013-5878, CVE-2013-5884, CVE-2013-5887, CVE-2013-5888, CVE-2013-5889, CVE-2013-5893, CVE-2013-5895, CVE-2013-5896, CVE-2013-5898, CVE-2013-5899, CVE-2013-5902, CVE-2013-5904, CVE-2013-5905, CVE-2013-5906, CVE-2013-5907, CVE-2013-5910, CVE-2014-0368, CVE-2014-0373, CVE-2014-0375, CVE-2014-0376, CVE-2014-0382, CVE-2014-0385, CVE-2014-0387, CVE-2014-0403, CVE-2014-0408, CVE-2014-0410, CVE-2014-0411, CVE-2014-0415, CVE-2014-0416, CVE-2014-0417, CVE-2014-0418, CVE-2014-0422, CVE-2014-0423, CVE-2014-0424, CVE-2014-0428, ESA-2014-002, FEDORA-2014-0885, FEDORA-2014-0945, FEDORA-2014-1048, FEDORA-2014-2071, FEDORA-2014-2088, HPSBUX02972, HPSBUX02973, JSA10659, MDVSA-2014:011, openSUSE-SU-2014:0174-1, openSUSE-SU-2014:0177-1, openSUSE-SU-2014:0180-1, RHSA-2014:0026-01, RHSA-2014:0027-01, RHSA-2014:0030-01, RHSA-2014:0097-01, RHSA-2014:0134-01, RHSA-2014:0135-01, RHSA-2014:0136-01, RHSA-2014:0982-01, SOL17381, SSRT101454, SSRT101455, SUSE-SU-2014:0246-1, SUSE-SU-2014:0266-1, SUSE-SU-2014:0266-2, SUSE-SU-2014:0266-3, SUSE-SU-2014:0451-1, USN-2124-1, USN-2124-2, VIGILANCE-VUL-14087, ZDI-14-013, ZDI-14-038.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Oracle Java.

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64915, CVE-2014-0410]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64899, CVE-2014-0415]

An attacker can use a vulnerability of 2D TTF Font Parsing, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64894, CVE-2013-5907, ZDI-14-013, ZDI-14-038]

An attacker can use a vulnerability of CORBA, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64935, CVE-2014-0428]

An attacker can use a vulnerability of JNDI, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64921, CVE-2014-0422]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64901, CVE-2014-0385]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64931, CVE-2013-5889]

An attacker can use a vulnerability of Hotspot, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64910, CVE-2014-0408]

An attacker can use a vulnerability of Libraries, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64863, CVE-2013-5893]

An attacker can use a vulnerability of 2D, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64932, CVE-2014-0417]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64882, CVE-2014-0387]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64919, CVE-2014-0424]

An attacker can use a vulnerability of Serviceability, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64922, CVE-2014-0373]

An attacker can use a vulnerability of Security, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64927, CVE-2013-5878]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64890, CVE-2013-5904]

An attacker can use a vulnerability of JavaFX, in order to obtain information, to alter information, or to trigger a denial of service. [severity:3/4; BID-64929, CVE-2013-5870]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64920, CVE-2014-0403]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64916, CVE-2014-0375]

An attacker can use a vulnerability of Beans, in order to obtain information, or to trigger a denial of service. [severity:2/4; BID-64914, CVE-2014-0423]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64934, CVE-2013-5905]

An attacker can use a vulnerability of Install, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64903, CVE-2013-5906]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64923, CVE-2013-5902]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64917, CVE-2014-0418]

An attacker can use a vulnerability of Deployment, in order to trigger a denial of service. [severity:2/4; BID-64875, CVE-2013-5887]

An attacker can use a vulnerability of Deployment, in order to obtain information. [severity:2/4; BID-64928, CVE-2013-5899]

An attacker can use a vulnerability of CORBA, in order to trigger a denial of service. [severity:2/4; BID-64926, CVE-2013-5896]

An attacker can use a vulnerability of CORBA, in order to obtain information. [severity:2/4; BID-64924, CVE-2013-5884]

An attacker can use a vulnerability of JAAS, in order to alter information. [severity:2/4; BID-64937, CVE-2014-0416]

An attacker can use a vulnerability of JAXP, in order to alter information. [severity:2/4; BID-64907, CVE-2014-0376]

An attacker can use a vulnerability of Networking, in order to obtain information. [severity:2/4; BID-64930, CVE-2014-0368]

An attacker can use a vulnerability of Security, in order to alter information. [severity:2/4; BID-64933, CVE-2013-5910]

An attacker can use a vulnerability of JavaFX, in order to obtain information. [severity:2/4; BID-64906, CVE-2013-5895]

An attacker can use a vulnerability of Deployment, in order to obtain information, to alter information, or to trigger a denial of service. [severity:2/4; BID-64925, CVE-2013-5888]

An attacker can use a vulnerability of JavaFX, in order to trigger a denial of service. [severity:2/4; BID-64936, CVE-2014-0382]

An attacker can use a vulnerability of Deployment, in order to obtain or alter information. [severity:2/4; BID-64912, CVE-2013-5898]

An attacker can use a vulnerability of JSSE, in order to obtain or alter information. [severity:2/4; BID-64918, CVE-2014-0411]
Full Vigil@nce bulletin... (Free trial)

weakness CVE-2013-4063 CVE-2013-4064 CVE-2013-4065

IBM Domino: three vulnerabilities of iNotes

Synthesis of the vulnerability

An attacker can use several vulnerabilities of iNotes of IBM Domino.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/12/2013.
Identifiers: 1659959, BID-64444, BID-64445, BID-64451, CVE-2013-4063, CVE-2013-4064, CVE-2013-4065, VIGILANCE-VUL-13967.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in IBM Domino.

An attacker can trigger a Cross Site Scripting in iNotes, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-64445, CVE-2013-4063]

An attacker can trigger a Cross Site Scripting in iNotes, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-64451, CVE-2013-4064]

An attacker can trigger a Cross Site Scripting in iNotes, in order to execute JavaScript code in the context of the web site. [severity:2/4; BID-64444, CVE-2013-4065]
Full Vigil@nce bulletin... (Free trial)

computer weakness announce CVE-2013-4050 CVE-2013-4051 CVE-2013-4055

IBM Domino: multiple vulnerabilities of webadmin.nsf

Synthesis of the vulnerability

An attacker can use several vulnerabilities of webadmin.nsf of IBM Domino.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 18/11/2013.
Identifiers: 1652988, CVE-2013-4050, CVE-2013-4051, CVE-2013-4055, VIGILANCE-VUL-13790.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in IBM Domino Web Administrator (webadmin.nsf).

An attacker can trigger a Cross Site Request Forgery, in order to force the victim to perform operations. [severity:2/4; CVE-2013-4050]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-4051]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2013-4055]
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2013-0590 CVE-2013-0591 CVE-2013-0595

Domino 9.0: multiple vulnerabilities of iNotes

Synthesis of the vulnerability

An attacker can use several vulnerabilities of iNotes of Domino 9.0.
Severity: 2/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 23/10/2013.
Identifiers: 1645503, 1653149, 1653364, 1653401, BID-63265, BID-63266, CVE-2013-0590, CVE-2013-0591, CVE-2013-0595, CVE-2013-5388, CVE-2013-5389, VIGILANCE-VUL-13636.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Domino 9.0.

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653401, CVE-2013-0590]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1645503, CVE-2013-0591]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653401, CVE-2013-0595]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653149, BID-63265, CVE-2013-5388]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653149, BID-63266, CVE-2013-5389]
Full Vigil@nce bulletin... (Free trial)

security bulletin CVE-2013-0590 CVE-2013-0591 CVE-2013-0595

Domino 8.5: multiple vulnerabilities of iNotes

Synthesis of the vulnerability

An attacker can use several vulnerabilities of iNotes of Domino 8.5.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 8.
Creation date: 23/10/2013.
Identifiers: 1645503, 1647740, 1649476, 1653149, 1653401, BID-63265, BID-63266, CVE-2013-0590, CVE-2013-0591, CVE-2013-0595, CVE-2013-3032, CVE-2013-3990, CVE-2013-4068, CVE-2013-5388, CVE-2013-5389, VIGILANCE-VUL-13635.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

Several vulnerabilities were announced in Domino 8.5.

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1649476, CVE-2013-3032]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1649476, CVE-2013-3990]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653401, CVE-2013-0590]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1645503, CVE-2013-0591]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653401, CVE-2013-0595]

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to execute code. [severity:3/4; 1647740, CVE-2013-4068]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653149, BID-63265, CVE-2013-5388]

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; 1653149, BID-63266, CVE-2013-5389]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Lotus Domino: