Skip to main content

Lotus Notes

13 CVEs product

Monthly

CVE-2014-3086 HIGH This Week

Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Java Lotus Notes Lotus Domino +1
NVD
CVSS 2.0
7.5
EPSS
2.9%
CVE-2014-0892 MEDIUM This Month

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Information Disclosure Lotus Domino Lotus Notes
NVD VulDB
CVSS 2.0
5.0
EPSS
1.3%
CVE-2012-6349 CRITICAL Act Now

Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM Keyview Idol Lotus Notes
NVD
CVSS 2.0
9.3
EPSS
6.3%
CVE-2013-0536 HIGH This Week

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Lotus Inotes Lotus Notes Lotus Notes Traveler
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2013-2977 MEDIUM This Month

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 16.1% and no vendor patch available.

RCE Microsoft IBM Lotus Notes
NVD
CVSS 2.0
6.8
EPSS
16.1%
CVE-2013-0538 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Notes
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-0127 MEDIUM This Month

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation RCE Java IBM Lotus Notes
NVD
CVSS 2.0
5.8
EPSS
1.1%
CVE-2012-4823 CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
14.4%
CVE-2012-4822 CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
11.3%
CVE-2012-4821 CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat RCE Java IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
5.0%
CVE-2012-4820 CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Java Information Disclosure IBM Lotus Domino +14
NVD
CVSS 2.0
9.3
EPSS
9.4%
CVE-2012-4846 MEDIUM PATCH This Month

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Lotus Notes
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2012-2174 CRITICAL POC THREAT Emergency

The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.6%.

IBM Code Injection RCE Lotus Notes
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
64.6%
Threat
5.3
EPSS 3% CVSS 7.5
HIGH This Week

Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Java +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes it easier for remote attackers to execute arbitrary code by. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM RCE Information Disclosure +2
NVD VulDB
EPSS 6% CVSS 9.3
CRITICAL Act Now

Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow RCE IBM +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Lotus Inotes +2
NVD
EPSS 16% CVSS 6.8
MEDIUM This Month

Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 16.1% and no vendor patch available.

RCE Microsoft IBM +1
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Notes
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation RCE Java +2
NVD
EPSS 14% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 11% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 11.3% and no vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 5% CVSS 9.3
CRITICAL Act Now

Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat RCE Java +16
NVD
EPSS 9% CVSS 9.3
CRITICAL Act Now

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Java Information Disclosure +16
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Lotus Notes
NVD
EPSS 65% 5.3 CVSS 9.3
CRITICAL POC THREAT Emergency

The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.6%.

IBM Code Injection RCE +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy