Vulnerabilities > IBM > Lotus Domino > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-12 | CVE-2014-3086 | Privilege Escalation vulnerability in IBM Lotus Domino, Lotus Notes and Websphere Real Time Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager. | 7.5 |
| 2014-02-06 | CVE-2014-0822 | Unspecified vulnerability in IBM Lotus Domino The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, aka SPR KLYH9F4S2Z. | 7.8 |
| 2013-09-20 | CVE-2013-4068 | Buffer Errors vulnerability in IBM Lotus Domino and Lotus Inotes Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka SPR PTHN9ADPA8. | 7.1 |
| 2013-03-27 | CVE-2013-0487 | Improper Authentication vulnerability in IBM Lotus Domino The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN. | 8.5 |
| 2011-12-27 | CVE-2011-1393 | Unspecified vulnerability in IBM Lotus Domino Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Notes RPC packet. | 7.8 |
| 2011-03-25 | CVE-2011-1520 | Improper Authentication vulnerability in IBM Lotus Domino The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. | 7.2 |
| 2010-03-03 | CVE-2010-0919 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM Domino web Access and Lotus Inotes Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. | 7.6 |
| 2008-01-12 | CVE-2008-0243 | Denial Of Service vulnerability in IBM Lotus Domino 7.0/7.0.1/7.0.2 Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors. | 7.8 |
| 2007-10-29 | CVE-2007-5544 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Lotus Notes IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session. | 7.8 |
| 2007-03-28 | CVE-2007-1739 | HTML Injection vulnerability in IBM Lotus Domino 7.0/7.0.1/7.0.2 Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service (crash) via a long, malformed DN request, which causes only the lower 16 bits of the string length to be used in memory allocation. | 7.8 |