Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:lotus_notes:8.0.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-0538 |
Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49. Published: May 01, 2013; 8:00:07 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2013-0127 |
IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49. Published: May 01, 2013; 8:00:07 AM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2012-4823 |
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to "insecure use of the java.lang.ClassLoder defineClass() method." Published: January 10, 2013; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4822 |
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to "insecure use [of] multiple methods in the java.lang.class class." Published: January 10, 2013; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4821 |
Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via "insecure use" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods. Published: January 10, 2013; 7:55:01 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4820 |
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to "insecure use of the java.lang.reflect.Method invoke() method." Published: January 10, 2013; 7:55:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-2174 |
The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. Published: June 20, 2012; 6:27:28 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1512 |
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR. Published: May 31, 2011; 4:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1218 |
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information. Published: May 31, 2011; 4:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1217 |
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information. Published: May 31, 2011; 4:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1216 |
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7. Published: May 31, 2011; 4:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1215 |
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND. Published: May 31, 2011; 4:55:02 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1214 |
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ. Published: May 31, 2011; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2011-1213 |
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W. Published: May 31, 2011; 4:55:01 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-3037 |
Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment. Published: September 01, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2008-1217 |
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706. Published: March 08, 2008; 9:44:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-6594 |
IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak permissions for the installation kit obtained through a Notes 8 download and (2) 0777 permissions for the installdata file that is created by setup.sh, which allows local users to gain privileges via a Trojan horse file. Published: December 28, 2007; 4:46:00 PM -0500 |
V3.x:(not available) V2.0: 6.9 MEDIUM |