Vulnerabilities > IBM > Lotus Notes Traveler > 8.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-16 | CVE-2010-4549 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes Traveler IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation. | 4.0 |
2010-12-16 | CVE-2010-4548 | Improper Input Validation vulnerability in IBM Lotus Notes Traveler IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client. | 2.1 |
2010-12-16 | CVE-2010-4547 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes Traveler IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain. | 3.5 |
2010-12-16 | CVE-2010-4546 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes Traveler IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request. | 4.0 |
2010-12-16 | CVE-2010-4545 | Resource Management Errors vulnerability in IBM Lotus Notes Traveler IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data. | 4.0 |
2010-12-16 | CVE-2010-4544 | Cross-Site Scripting vulnerability in IBM Lotus Notes Traveler Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-12-16 | CVE-2009-5036 | Denial-Of-Service vulnerability in Lotus Notes Traveler traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation. | 4.0 |
2010-12-16 | CVE-2009-5035 | Information Exposure vulnerability in IBM Lotus Notes Traveler The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages. | 4.3 |
2010-12-16 | CVE-2009-5034 | Resource Management Errors vulnerability in IBM Lotus Notes Traveler IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data. | 4.0 |
2010-12-16 | CVE-2009-5033 | Information Exposure vulnerability in IBM Lotus Notes Traveler IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread. | 4.0 |