CVSS: 9.3EPSS: 8%CPEs: 19EXPL: 0CVE-2012-6349
https://notcve.org/view.php?id=CVE-2012-6349
18 Jul 2013 — Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W. Desbordamiento de búfer en el parser .mdb en Autonomy KeyView IDOL, como se utilizaba en IBM Notes v8.5.x anterior a v8.5.3 FP4, permite a atacantes remotos ejecutar código arbitrario a través de un archivo especialmente elaborado, también conocido como SPR KLYH92XL3W. • http://www-01.ibm.com/support/docview.wss?uid=swg21627992 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-0536
https://notcve.org/view.php?id=CVE-2013-0536
21 Jun 2013 — ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24. ntmulti.exe en el servicio Multi User Profile Cleanup en IBM Notes v8.0, v8.0.1, v8.0.2, v8.5, v8.5.1, v8.5.2, v8.5.3 anterior a FP5, y v9.0 anterior a IF2 permite a usuarios locales ganar privilegios mediante ve... • http://www-01.ibm.com/support/docview.wss?uid=swg21633827 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 21%CPEs: 42EXPL: 1CVE-2013-2977
https://notcve.org/view.php?id=CVE-2013-2977
10 May 2013 — Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q. Desbordamiento de entero en IBM Notes v8.5.x anterior a v8.5.3 FP4 Interim Fix 1 y v9.x anterior a v9.0 Interim Fix 1 en Windows, y v8.5.x anterior a v8.5.3 FP5 y v9.x anterior a v9.0.1 en Linux, permite a atacantes... • https://github.com/defrancescojp/CVE-2013-2977 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0127
https://notcve.org/view.php?id=CVE-2013-0127
01 May 2013 — IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49. IBM Lotus Notes v8.x anterior a v8.5.3 FP4 Interim Fix v1 y v9.0 anterior a Interim Fix 1 no bloquea elementos APPLET en correos HTML, lo cual permite a atacantes remotos eludir restricciones de ejecuci... • http://seclists.org/fulldisclosure/2013/Apr/262 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 30EXPL: 0CVE-2013-0538
https://notcve.org/view.php?id=CVE-2013-0538
01 May 2013 — Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49. Vulnerabilidad XSS en IBM Lotus Notes 8.x anterior a 8.5.3 FP4 Interim Fix 1 y 9.0 anterior a Interim Fix 1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un elementro SCRIPT en un correo electrónico HTML... • http://www-01.ibm.com/support/docview.wss?uid=swg21633819 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 12%CPEs: 128EXPL: 0CVE-2012-4820 – JDK: java.lang.reflect.Method invoke() code execution
https://notcve.org/view.php?id=CVE-2012-4820
11 Jan 2013 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a se... • http://rhn.redhat.com/errata/RHSA-2012-1465.html •
CVSS: 9.8EPSS: 6%CPEs: 128EXPL: 0CVE-2012-4821 – JDK: getDeclaredMethods() and setAccessible() code execution
https://notcve.org/view.php?id=CVE-2012-4821
11 Jan 2013 — Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote... • http://rhn.redhat.com/errata/RHSA-2012-1467.html •
CVSS: 9.8EPSS: 13%CPEs: 128EXPL: 0CVE-2012-4822 – JDK: java.lang.class code execution
https://notcve.org/view.php?id=CVE-2012-4822
11 Jan 2013 — Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote... • http://rhn.redhat.com/errata/RHSA-2012-1465.html •
CVSS: 9.8EPSS: 13%CPEs: 128EXPL: 0CVE-2012-4823 – JDK: java.lang.ClassLoder defineClass() code execution
https://notcve.org/view.php?id=CVE-2012-4823
11 Jan 2013 — Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers... • http://rhn.redhat.com/errata/RHSA-2012-1466.html •
CVSS: 5.3EPSS: 0%CPEs: 16EXPL: 0CVE-2012-4846
https://notcve.org/view.php?id=CVE-2012-4846
19 Dec 2012 — IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68. IBM Lotus Notes v8.5.x antes de v8.5.3 FP3 no incluye la bandera HttpOnly en la cabecera Set-Cookie para una cookie de aplicación web, lo que hace que sea más fácil para los atacantes remotos obtener información sensible a travé... • http://www.ibm.com/support/docview.wss?uid=swg21619604 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •