Lotus_notes - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Lotus_notes
(Ibm)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	71

Date	Id	Summary	Products	Score	Patch	Annotated
2010-04-20	CVE-2010-1487	IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.	Lotus_notes	N/A
2009-09-09	CVE-2009-3114	The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K.	Lotus_notes	N/A
2009-09-01	CVE-2009-3037	Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.	Keyview, Lotus_notes, Brightmail_appliance, Data_loss_prevention_detection_servers, Data_loss_prevention_endpoint_agents, Mail_security, Mail_security_appliance	N/A
2010-03-05	CVE-2009-3032	Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.	Lotus_notes, Brightmail_gateway, Data_loss_prevention_detection_servers, Data_loss_prevention_endpoint_agents, Im_manager_2007, Mail_security	N/A
2009-03-18	CVE-2008-4564	Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.	Keyview_export_sdk, Keyview_filter_sdk, Keyview_viewer_sdk, Lotus_notes, Altiris_deployment_solution, Brightmail, Data_loss_prevention_detection_servers, Data_loss_prevention_endpoint_agents, Enforce, Mail_security	N/A
2008-04-10	CVE-2008-1718	Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, as used in IBM Lotus Notes before 8.0, might allow user-assisted remote attackers to execute arbitrary code via an e-mail message with a crafted Text mail (MIME) attachment.	Keyview, Lotus_notes	N/A
2008-03-09	CVE-2008-1217	Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706.	Lotus_notes	N/A
2008-04-10	CVE-2008-1101	Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.	Keyview, Lotus_notes	N/A
2008-02-21	CVE-2008-0862	IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection.	Lotus_notes	N/A
2008-04-10	CVE-2008-0066	Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.	Keyview, Lotus_notes	N/A