Ibm Notes vulnerabilities

13 known vulnerabilities affecting ibm/notes.

Total CVEs

13

CISA KEV

0

Public exploits

2

Exploited in wild

0

Severity breakdown

HIGH9MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2012-6277HIGHCVSS 7.8≥ 8.5, ≤ 8.5.32020-02-21

CVE-2012-6277 [HIGH] CVE-2012-6277: Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other product

CVE-2018-1771HIGHCVSS 7.8≥ 9.0.1.0, ≤ 9.0.1.10v9.0.0.0+1 more2018-12-20

CVE-2018-1771 [HIGH] CWE-119 CVE-2018-1771: IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a b IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687.

CVE-2018-1435HIGHCVSS 7.8v8.5v8.5.0.2+9 more2018-03-14

CVE-2018-1435 [HIGH] CWE-426 CVE-2018-1435: IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.

CVE-2018-1437HIGHCVSS 7.8v8.5v8.5.0.2+9 more2018-03-14

CVE-2018-1437 [HIGH] CWE-426 CVE-2018-1437: IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.

CVE-2018-1410HIGHCVSS 7.8v8.5.1.5v8.5.2.4+3 more2018-02-19

CVE-2018-1410 [HIGH] CVE-2018-1410: IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to exec IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.

CVE-2018-1409HIGHCVSS 7.8v8.5.1.5v8.5.2.4+3 more2018-02-19

CVE-2018-1409 [HIGH] CVE-2018-1409: IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to exec IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.

CVE-2018-1411HIGHCVSS 7.8v8.5.1.5v8.5.2.4+3 more2018-02-19

CVE-2018-1411 [HIGH] CVE-2018-1411: IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to exec IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.

CVE-2017-1714HIGHCVSS 7.8v8.5.0.0v8.5.1.0+9 more2018-02-13

CVE-2017-1714 [HIGH] CVE-2017-1714: IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.

CVE-2017-1711HIGHCVSS 7.8v8.5.0.0v8.5.1.0+9 more2018-02-13

CVE-2017-1711 [HIGH] CWE-426 CVE-2017-1711: IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masqueradin IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.

CVE-2017-1720MEDIUMCVSS 5.3v8.5.0.0v8.5.1.0+9 more2018-02-13

CVE-2017-1720 [MEDIUM] CWE-77 CVE-2017-1720: IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafti IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.

CVE-2017-1129MEDIUMCVSS 6.5PoCv8.5.3.6v8.5.1.5+3 more2017-09-05

CVE-2017-1129 [MEDIUM] CVE-2017-1129: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a mal IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.

CVE-2017-1130MEDIUMCVSS 6.5PoCv8.5.3.6v8.5.2.4+3 more2017-09-05

CVE-2017-1130 [MEDIUM] CVE-2017-1130: IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a mal IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.

CVE-2016-0270MEDIUMCVSS 5.9v9.0.1.3v9.0.1.4+1 more2017-02-08

CVE-2016-0270 [MEDIUM] CWE-200 CVE-2016-0270: IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a "forbidden attack." NOTE: this CVE has been incorrectly used for GCM