cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2013-0522,https://securityvulnerability.io/vulnerability/CVE-2013-0522,,"The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.",IBM,Lotus Notes,7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-07-16T14:00:00.000Z,0
CVE-2017-1129,https://securityvulnerability.io/vulnerability/CVE-2017-1129,,"IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.",IBM,"Lotus Expeditor,Notes",6.5,MEDIUM,0.9239599704742432,false,,false,false,false,,,false,false,,2017-09-05T21:29:00.000Z,0
CVE-2014-3086,https://securityvulnerability.io/vulnerability/CVE-2014-3086,,"Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.",IBM,Lotus Notes,,,0.07327999919652939,false,,false,false,false,,,false,false,,2014-08-12T00:00:00.000Z,0
CVE-2012-6349,https://securityvulnerability.io/vulnerability/CVE-2012-6349,,"Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.",IBM,"Lotus Notes,Keyview Idol",,,0.00937000010162592,false,,false,false,false,,,false,false,,2013-07-18T16:51:00.000Z,0
CVE-2013-0536,https://securityvulnerability.io/vulnerability/CVE-2013-0536,,"ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.",IBM,"Lotus Inotes,Lotus Notes,Lotus Notes Traveler",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-06-21T17:00:00.000Z,0
CVE-2013-2977,https://securityvulnerability.io/vulnerability/CVE-2013-2977,,"Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.",IBM,Lotus Notes,,,0.3968000113964081,false,,false,false,true,2020-01-03T15:55:12.000Z,true,false,false,,2013-05-10T10:00:00.000Z,0
CVE-2013-0127,https://securityvulnerability.io/vulnerability/CVE-2013-0127,,"IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.",IBM,Lotus Notes,,,0.007069999817758799,false,,false,false,false,,,false,false,,2013-05-01T10:00:00.000Z,0
CVE-2013-0538,https://securityvulnerability.io/vulnerability/CVE-2013-0538,,"Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.",IBM,Lotus Notes,,,0.002050000010058284,false,,false,false,false,,,false,false,,2013-05-01T10:00:00.000Z,0
CVE-2012-4822,https://securityvulnerability.io/vulnerability/CVE-2012-4822,,"Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to ""insecure use [of] multiple methods in the java.lang.class class.""",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.8727999925613403,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4821,https://securityvulnerability.io/vulnerability/CVE-2012-4821,,"Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via ""insecure use"" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.4424299895763397,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4823,https://securityvulnerability.io/vulnerability/CVE-2012-4823,,"Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to ""insecure use of the java.lang.ClassLoder defineClass() method.""",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.8605200052261353,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4820,https://securityvulnerability.io/vulnerability/CVE-2012-4820,,"Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to ""insecure use of the java.lang.reflect.Method invoke() method.""",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.2008800059556961,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4846,https://securityvulnerability.io/vulnerability/CVE-2012-4846,,"IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.",IBM,Lotus Notes,,,0.0028899998869746923,false,,false,false,false,,,false,false,,2012-12-19T11:00:00.000Z,0
CVE-2012-5308,https://securityvulnerability.io/vulnerability/CVE-2012-5308,,Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.,IBM,Lotus Notes Traveler,,,0.0028800000436604023,false,,false,false,false,,,false,false,,2012-10-08T10:47:00.000Z,0
CVE-2012-5307,https://securityvulnerability.io/vulnerability/CVE-2012-5307,,"Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.",IBM,Lotus Notes Traveler,,,0.0010600000387057662,false,,false,false,false,,,false,false,,2012-10-08T10:47:00.000Z,0
CVE-2012-4825,https://securityvulnerability.io/vulnerability/CVE-2012-4825,,Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.,IBM,Lotus Notes Traveler,,,0.004110000096261501,false,,false,false,false,,,false,false,,2012-10-08T10:47:00.000Z,0
CVE-2012-4824,https://securityvulnerability.io/vulnerability/CVE-2012-4824,,Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.,IBM,Lotus Notes Traveler,,,0.003109999932348728,false,,false,false,false,,,false,false,,2012-10-08T10:47:00.000Z,0
CVE-2012-5309,https://securityvulnerability.io/vulnerability/CVE-2012-5309,,"servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.",IBM,Lotus Notes Traveler,,,0.004139999859035015,false,,false,false,false,,,false,false,,2012-10-08T10:47:00.000Z,0
CVE-2010-5251,https://securityvulnerability.io/vulnerability/CVE-2010-5251,,"Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 allow local users to gain privileges via a Trojan horse (1) nnoteswc.dll or (2) nlsxbe.dll file in the current working directory, as demonstrated by a directory that contains a .vcf, .vcs, or .ics file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",IBM,Lotus Notes,,,0.0006000000284984708,false,,false,false,false,,,false,false,,2012-09-07T10:32:00.000Z,0
CVE-2012-2174,https://securityvulnerability.io/vulnerability/CVE-2012-2174,,The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL.,IBM,Lotus Notes,,,0.9703500270843506,false,,false,false,false,,,false,false,,2012-06-20T10:00:00.000Z,0
CVE-2011-1215,https://securityvulnerability.io/vulnerability/CVE-2011-1215,,"Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.",IBM,Lotus Notes,,,0.09053999930620193,false,,false,false,false,,,false,false,,2011-05-31T20:00:00.000Z,0
CVE-2011-1217,https://securityvulnerability.io/vulnerability/CVE-2011-1217,,"Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.",IBM,Lotus Notes,,,0.5417400002479553,false,,false,false,false,,,false,false,,2011-05-31T20:00:00.000Z,0
CVE-2011-1216,https://securityvulnerability.io/vulnerability/CVE-2011-1216,,"Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.",IBM,Lotus Notes,,,0.3450300097465515,false,,false,false,false,,,false,false,,2011-05-31T20:00:00.000Z,0
CVE-2011-1512,https://securityvulnerability.io/vulnerability/CVE-2011-1512,,"Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.",IBM,"Lotus Notes,Keyview",,,0.10337000340223312,false,,false,false,false,,,false,false,,2011-05-31T20:00:00.000Z,0
CVE-2011-1213,https://securityvulnerability.io/vulnerability/CVE-2011-1213,,"Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.",IBM,Lotus Notes,,,0.9378499984741211,false,,false,false,false,,,false,false,,2011-05-31T20:00:00.000Z,0