7 matches found
CVE-2016-0270
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1 is affected when using TLS with AES-GCM; the vulnerability arises from nonce generation randomness leading to nonce reuse, enabling remote attackers to obtain the authentication key and spoof data (CVE-2016-0270). Th...
CVE-2017-1714
CVE-2017-1714 affects IBM Notes and Domino NSD 8.5 and 9.0. An authenticated local user with non-admin privileges could escalate to System-level privileges, enabling full control on the affected host as described in the CVE entry and corroborated by multiple sources in the connected documents.
CVE-2017-1711
CVE-2017-1711 affects IBM iNotes 8.5 and 9.0 SUService. The vulnerability arises from the risk of loading a malicious DLL masquerading as a Windows DLL located in the temp directory, potentially allowing code execution. Connected documents reiterate the same issue and reference IBM X-Force ID 134...
CVE-2017-1720
CVE-2017-1720 affects IBM Notes 8.5 and 9.0, where a local attacker could execute arbitrary commands by crafting a command line sent via Shared Memory IPC. Connected CNVD-2018-03879 describes an elevation of privilege vulnerability in IBM Client Application Access and Notes related to IPC. The NV...
CVE-2018-1409
The CVE-2018-1409 entry affects IBM Notes Diagnostics, IBM Client Application Access, and IBM Notes on Windows. It describes an elevation-of-privilege flaw where a local attacker could craft a command line via inter-process communication using shared memory to trick the system into executing an a...
CVE-2018-1411
IBM Notes Diagnostics and IBM Client Application Access (Windows) are affected. A local attacker could craft a command line via shared-memory IPC to execute an arbitrary executable, enabling full system compromise. Root cause: IPC-based command-line handling flaw allows unintended command executi...
CVE-2018-1410
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) on Windows is affected by CVE-2018-1410. The issue arises when a local attacker crafts a command line sent via inter-process communication over shared memory, which could be tricked into executing an executable chosen by the atta...