Notes

CVEs (15)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-1129	IBM Lotus Expeditor	Med	0.51	6.5	0.69	Sep 5, 2017	IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
CVE-2017-1130	HCL Software Notes	Med	0.50	6.5	0.65	Sep 5, 2017	IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.
CVE-2016-0270	IBM Domino	Med	0.38	5.9	0.01	Feb 8, 2017	IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session…
CVE-2012-6349	IBM Lotus Notes		0.01	—	0.06	Jul 18, 2013	Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.
CVE-2013-2977	IBM Lotus Notes		0.01	—	0.17	May 10, 2013	Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message,…
CVE-2013-0522	IBM Notes		0.00	—	0.00	Jul 16, 2018	The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and…
CVE-2018-1435	IBM Notes		0.00	—	0.01	Mar 14, 2018	IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.
CVE-2018-1437	IBM Notes		0.00	—	0.00	Mar 14, 2018	IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the…
CVE-2018-1410	IBM Client Access		0.00	—	0.00	Feb 19, 2018	IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID:…
CVE-2018-1409	IBM Client Access		0.00	—	0.00	Feb 19, 2018	IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID:…
CVE-2018-1411	IBM Client Access		0.00	—	0.00	Feb 19, 2018	IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID:…
CVE-2017-1714	IBM Client Access		0.00	—	0.00	Feb 13, 2018	IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
CVE-2017-1711	IBM Client Access		0.00	—	0.00	Feb 13, 2018	IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
CVE-2017-1720	IBM Client Access		0.00	—	0.00	Feb 13, 2018	IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
CVE-2013-0536	IBM Lotus Notes		0.00	—	0.00	Jun 21, 2013	ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user,…

CVE-2017-1129MedSep 5, 2017
IBM
Lotus Expeditor
risk 0.51cvss 6.5epss 0.69
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.
CVE-2017-1130MedSep 5, 2017
HCL Software
Notes
risk 0.50cvss 6.5epss 0.65
IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.
CVE-2016-0270MedFeb 8, 2017
IBM
Domino
risk 0.38cvss 5.9epss 0.01
IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session…
CVE-2012-6349Jul 18, 2013
IBM
Lotus Notes
risk 0.01cvss —epss 0.06
Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.
CVE-2013-2977May 10, 2013
IBM
Lotus Notes
risk 0.01cvss —epss 0.17
Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message,…
CVE-2013-0522Jul 16, 2018
IBM
Notes
risk 0.00cvss —epss 0.00
The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and…
CVE-2018-1435Mar 14, 2018
IBM
Notes
risk 0.00cvss —epss 0.01
IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.
CVE-2018-1437Mar 14, 2018
IBM
Notes
risk 0.00cvss —epss 0.00
IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the…
CVE-2018-1410Feb 19, 2018
IBM
Client Access
risk 0.00cvss —epss 0.00
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID:…
CVE-2018-1409Feb 19, 2018
IBM
Client Access
risk 0.00cvss —epss 0.00
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID:…
CVE-2018-1411Feb 19, 2018
IBM
Client Access
risk 0.00cvss —epss 0.00
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID:…
CVE-2017-1714Feb 13, 2018
IBM
Client Access
risk 0.00cvss —epss 0.00
IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.
CVE-2017-1711Feb 13, 2018
IBM
Client Access
risk 0.00cvss —epss 0.00
IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.
CVE-2017-1720Feb 13, 2018
IBM
Client Access
risk 0.00cvss —epss 0.00
IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.
CVE-2013-0536Jun 21, 2013
IBM
Lotus Notes
risk 0.00cvss —epss 0.00
ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user,…