Notes
by HCL Software
CVEs (32)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-47970 | Hig | 0.49 | 7.5 | 0.00 | May 16, 2026 | Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger… | ||
| CVE-2002-0370 | 0.03 | — | 0.43 | Oct 10, 2002 | Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME,… | |||
| CVE-2005-2618 | 0.01 | — | 0.08 | Dec 31, 2005 | Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a… | |||
| CVE-2025-21070 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-21067 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | |||
| CVE-2025-21057 | 0.00 | — | 0.00 | Oct 10, 2025 | Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes. | |||
| CVE-2025-20932 | 0.00 | — | 0.00 | Mar 6, 2025 | Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory. | |||
| CVE-2025-20931 | 0.00 | — | 0.00 | Mar 6, 2025 | Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. | |||
| CVE-2025-20924 | 0.00 | — | 0.00 | Mar 6, 2025 | Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles. | |||
| CVE-2025-20922 | 0.00 | — | 0.00 | Mar 6, 2025 | Out-of-bounds read in appending text paragraph in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory. | |||
| CVE-2024-34656 | 0.00 | — | 0.00 | Sep 4, 2024 | Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code. | |||
| CVE-2024-34634 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | |||
| CVE-2024-34633 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | |||
| CVE-2024-34632 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | |||
| CVE-2024-34622 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | |||
| CVE-2024-37317 | 0.00 | — | 0.00 | Jun 14, 2024 | The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the… | |||
| CVE-2023-39955 | 0.00 | — | 0.00 | Aug 10, 2023 | Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version… | |||
| CVE-2022-44755 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the… | |||
| CVE-2022-44753 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to… | |||
| CVE-2022-44751 | 0.00 | — | 0.01 | Dec 17, 2022 | HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the… |
- risk 0.49cvss 7.5epss 0.00
Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with excessively long character strings. Attackers can generate a payload containing 350000 repeated characters and paste it into a note field to trigger…
- CVE-2002-0370Oct 10, 2002risk 0.03cvss —epss 0.43
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME,…
- CVE-2005-2618Dec 31, 2005risk 0.01cvss —epss 0.08
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a…
- CVE-2025-21070Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
- CVE-2025-21067Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
- CVE-2025-21057Oct 10, 2025risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.
- CVE-2025-20932Mar 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing rle of bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to혻read out-of-bounds memory.
- CVE-2025-20931Mar 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code.
- CVE-2025-20924Mar 6, 2025risk 0.00cvss —epss 0.00
Improper access control in Samsung Notes prior to version 4.4.26.71 allows physical attackers to access data across multiple user profiles.
- CVE-2025-20922Mar 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in appending text paragraph in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.
- CVE-2024-34656Sep 4, 2024risk 0.00cvss —epss 0.00
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
- CVE-2024-34634Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
- CVE-2024-34633Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
- CVE-2024-34632Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
- CVE-2024-34622Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
- CVE-2024-37317Jun 14, 2024risk 0.00cvss —epss 0.00
The Nextcloud Notes app is a distraction free notes taking app for Nextcloud. If an attacker managed to share a folder called `Notes/` with a newly created user before they logged in, the Notes app would use that folder store the personal notes. It is recommended that the…
- CVE-2023-39955Aug 10, 2023risk 0.00cvss —epss 0.00
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version…
- CVE-2022-44755Dec 17, 2022risk 0.00cvss —epss 0.01
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the…
- CVE-2022-44753Dec 17, 2022risk 0.00cvss —epss 0.01
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to…
- CVE-2022-44751Dec 17, 2022risk 0.00cvss —epss 0.01
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the…
Page 1 of 2