CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2886
https://notcve.org/view.php?id=CVE-2011-2886
IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets. IBM Lotus Symphony 3 anterior a FP3 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) mediante un documento .Docx con estilos de viñetas vacías para «viñetas padre». • http://osvdb.org/74160 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68890 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 0CVE-2011-2893
https://notcve.org/view.php?id=CVE-2011-2893
The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value reference. La función Datapilot de IBM Lotus Symphony 3 antes de FP3 permite a atacantes remotos asistidos por usuarios a provocar una denegación de servicio (caída de aplicación) a través de una hoja de cálculo .Xls grande, con una referencia Value no válida. • http://osvdb.org/74166 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68748 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 3%CPEs: 4EXPL: 0CVE-2011-2887
https://notcve.org/view.php?id=CVE-2011-2887
IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document. IBM Lotus Symphony 3 anterior a FP3 en Linux permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un documento de ejemplo determinado. • http://osvdb.org/74163 http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm http://www.ibm.com/support/docview.wss?uid=swg21505448 http://www.securityfocus.com/bid/48936 https://exchange.xforce.ibmcloud.com/vulnerabilities/68889 https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_ • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 87%CPEs: 106EXPL: 1CVE-2011-1213 – Lotus Notes 8.0.x < 8.5.2 FP2 - Autonomy Keyview ('.lzh' Attachment)
https://notcve.org/view.php?id=CVE-2011-1213
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W. Desbordamiento de enteros en lzhsr.dll en Autonomy KeyView, tal como se utiliza en IBM Lotus Notes antes de v8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección mediante una cabecera manipulada en un archivo adjunto .lzh que provoca un desbordamiento de búfer basado en pila, también conocido como SPR PRAD88MJ2W . • https://www.exploit-db.com/exploits/17448 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=904 http://secunia.com/advisories/44624 http://securityreason.com/securityalert/8285 http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67620 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14634 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 18%CPEs: 107EXPL: 0CVE-2011-1218
https://notcve.org/view.php?id=CVE-2011-1218
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information. Desbordamiento de buffer en kvarcve.dll de Autonomy KeyView, como es utilizado en IBM Lotus Notes en versiones anteriores a la 8.5.2 FP3, permite a atacantes remotos ejecutar código de su elección a través de un adjunto .zip modificado. También conocido como SPR PRAD8E3NSP. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • http://secunia.com/advisories/44624 http://www.ibm.com/support/docview.wss?uid=swg21500034 http://www.securityfocus.com/bid/47962 https://exchange.xforce.ibmcloud.com/vulnerabilities/67625 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14238 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •