Lotus Notes Security Vulnerabilities and Issues — Lotus Notes CVE List

Lucene search

IbmLotus Notes

8 matches found

cve•added 2007/10/29 9:46 p.m.•58 views

CVE-2007-5544

IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other characte...

7.8CVSS7.3AI score0.00089EPSS

cve•added 2007/12/28 9:46 p.m.•54 views

CVE-2007-6593

Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Wor...

8.8CVSS7.4AI score0.25869EPSS

cve•added 2007/11/10 2:46 a.m.•52 views

CVE-2007-5909

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1)...

9.3CVSS7.2AI score0.30959EPSS

cve•added 2007/08/13 9:17 p.m.•46 views

CVE-2007-4309

IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than CVE-2005-2696.

3.5CVSS5.9AI score0.00199EPSS

cve•added 2007/11/10 2:46 a.m.•45 views

CVE-2007-5910

Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a...

9.3CVSS7.6AI score0.30959EPSS

cve•added 2007/10/29 10:46 p.m.•43 views

CVE-2007-4222

Buffer overflow in the TagAttributeListCopy function in nnotes.dll in IBM Lotus Notes before 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML email, related to duplicate RTF conversion when the recipient operates on this email.

9.3CVSS7.2AI score0.18783EPSS

cve•added 2007/12/28 9:46 p.m.•40 views

CVE-2007-6594

IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file.

6.9CVSS6.4AI score0.00037EPSS

cve•added 2007/04/11 1:19 a.m.•37 views

CVE-2007-1941

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-48...

4.3CVSS5.3AI score0.00759EPSS