Vulnerabilities > IBM > Lotus Notes > High

DATE | CVE | VULNERABILITY TITLE | RISK

2014-08-12 | CVE-2014-3086 | Privilege Escalation vulnerability in IBM Lotus Domino, Lotus Notes and WebSphere Real Time | 7.5
Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.
network, low complexity, ibm

2013-06-21 | CVE-2013-0536 | Permissions, Privileges, and Access Controls vulnerability in IBM Lotus iNotes, Lotus Notes and Lotus Notes Traveler | 7.2
ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.
local, low complexity, ibm, CWE-264

2009-09-09 | CVE-2009-3114 | Code Injection vulnerability in IBM Lotus Notes 8.5 | 7.5
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.
network, low complexity, ibm, CWE-94

2007-12-28 | CVE-2007-6593 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in IBM Lotus Notes | 8.8
Multiple stack-based buffer overflows in l123sr.dll in Autonomy (formerly Verity) KeyView SDK, as used by IBM Lotus Notes 5.x through 8.x, allow user-assisted remote attackers to execute arbitrary code via the (1) Length and (2) Value fields for certain Types in a Lotus 1-2-3 (.123) file in the Worksheet File (WKS) format, as demonstrated by a file with a crafted SRANGE record, a different vulnerability than CVE-2007-5909.
network, ibm, CWE-119

2007-10-29 | CVE-2007-5544 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Lotus Notes | 7.8
IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions (Everyone:Full Control) for memory mapped files (shared memory) in IPC, which allows local users to obtain sensitive information, or inject Lotus Script or other character sequences into a session.
local, low complexity, ibm, CWE-732

2002-10-10 | CVE-2002-0370 | Buffer Overflow vulnerability in Multiple Vendor ZIP Files Long Filename | 7.5
Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.

2001-12-31 | CVE-2001-1504 | Unspecified vulnerability in IBM Lotus Notes 4.6/5.0 | 7.5
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.
network, low complexity, ibm

2001-01-09 | CVE-2000-1138 | Unspecified vulnerability in IBM Lotus Notes | 7.5
Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected.
network, low complexity, ibm

1999-03-01 | CVE-1999-0429 | Unspecified vulnerability in IBM Lotus Notes 4.5 | 7.5
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
network, low complexity, ibm