cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2013-0522,https://securityvulnerability.io/vulnerability/CVE-2013-0522,,"The Notes Client Single Logon feature in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3, and 9.0 on Windows allows local users to discover passwords via vectors involving an unspecified operating system communication mechanism for password transmission between Windows and Notes. IBM X-Force ID: 82531.",IBM,Lotus Notes,7,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-07-16T14:00:00.000Z,0
CVE-2018-1437,https://securityvulnerability.io/vulnerability/CVE-2018-1437,,"IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. A local attacker could exploit this vulnerability to DLL hijacking to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 139565.",IBM,Notes,7.8,HIGH,0.0017999999690800905,false,,false,false,false,,,false,false,,2018-03-14T00:29:00.000Z,0
CVE-2018-1435,https://securityvulnerability.io/vulnerability/CVE-2018-1435,,"IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A remote attacker could trick a user to double click a malicious executable in an attacker-controlled directory, which could result in code execution. IBM X-Force ID: 139563.",IBM,Notes,7.8,HIGH,0.02070000022649765,false,,false,false,false,,,false,false,,2018-03-14T00:29:00.000Z,0
CVE-2018-1411,https://securityvulnerability.io/vulnerability/CVE-2018-1411,,"IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.",IBM,"Client Application Access,Notes",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-02-19T14:29:00.000Z,0
CVE-2018-1409,https://securityvulnerability.io/vulnerability/CVE-2018-1409,,"IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138708.",IBM,"Client Application Access,Notes",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-02-19T14:29:00.000Z,0
CVE-2018-1410,https://securityvulnerability.io/vulnerability/CVE-2018-1410,,"IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138709.",IBM,"Client Application Access,Notes",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-02-19T14:29:00.000Z,0
CVE-2017-1711,https://securityvulnerability.io/vulnerability/CVE-2017-1711,,IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.,IBM,"Client Application Access,Notes",7.8,HIGH,0.0011899999808520079,false,,false,false,false,,,false,false,,2018-02-13T20:29:00.000Z,0
CVE-2017-1720,https://securityvulnerability.io/vulnerability/CVE-2017-1720,,IBM Notes 8.5 and 9.0 could allow a local attacker to execute arbitrary commands by carefully crafting a command line sent via the shared memory IPC. IBM X-Force ID: 134807.,IBM,"Client Application Access,Notes",5.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-02-13T20:29:00.000Z,0
CVE-2017-1714,https://securityvulnerability.io/vulnerability/CVE-2017-1714,,IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated local user without administrative privileges to gain System privilege. IBM X-Force ID: 134633.,IBM,"Client Application Access,Notes",7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-02-08T00:00:00.000Z,0
CVE-2017-1130,https://securityvulnerability.io/vulnerability/CVE-2017-1130,,"IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it would open up many file select dialog boxes which would cause the client hang and have to be restarted. IBM X-Force ID: 121371.",IBM,Notes,6.5,MEDIUM,0.9262800216674805,false,,false,false,false,,,false,false,,2017-09-05T21:29:00.000Z,0
CVE-2017-1129,https://securityvulnerability.io/vulnerability/CVE-2017-1129,,"IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user is persuaded to click on a malicious link, it could cause the Notes client to hang and have to be restarted. IBM X-Force ID: 121370.",IBM,"Lotus Expeditor,Notes",6.5,MEDIUM,0.9239599704742432,false,,false,false,false,,,false,false,,2017-09-05T21:29:00.000Z,0
CVE-2016-0270,https://securityvulnerability.io/vulnerability/CVE-2016-0270,,"IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 Interim Fix 1, when using TLS and AES GCM, uses random nonce generation, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonce in a session and a ""forbidden attack."" NOTE: this CVE has been incorrectly used for GCM nonce reuse issues in other products; see CVE-2016-10213 for the A10 issue, CVE-2016-10212 for the Radware issue, and CVE-2017-5933 for the Citrix issue.",IBM,"Notes,Domino,Client Application Access",5.9,MEDIUM,0.004920000210404396,false,,false,false,false,,,false,false,,2017-02-08T16:00:00.000Z,0
CVE-2014-8921,https://securityvulnerability.io/vulnerability/CVE-2014-8921,,"The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.",IBM,Notes Traveler Companion,,,0.004100000020116568,false,,false,false,false,,,false,false,,2015-03-02T02:00:00.000Z,0
CVE-2014-6130,https://securityvulnerability.io/vulnerability/CVE-2014-6130,,"The IBM Notes Traveler application before 9.0.1.3 for Android lacks a warning message during selection of an HTTP session, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which the user had intended to use HTTPS.",IBM,Notes Traveler,,,0.002300000051036477,false,,false,false,false,,,false,false,,2014-11-04T18:00:00.000Z,0
CVE-2014-3086,https://securityvulnerability.io/vulnerability/CVE-2014-3086,,"Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other products, allows remote attackers to gain privileges by leveraging the ability to execute code in the context of a security manager.",IBM,Lotus Notes,,,0.07327999919652939,false,,false,false,false,,,false,false,,2014-08-12T00:00:00.000Z,0
CVE-2012-6349,https://securityvulnerability.io/vulnerability/CVE-2012-6349,,"Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used in IBM Notes 8.5.x before 8.5.3 FP4, allows remote attackers to execute arbitrary code via a crafted file, aka SPR KLYH92XL3W.",IBM,"Lotus Notes,Keyview Idol",,,0.00937000010162592,false,,false,false,false,,,false,false,,2013-07-18T16:51:00.000Z,0
CVE-2013-0536,https://securityvulnerability.io/vulnerability/CVE-2013-0536,,"ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.",IBM,"Lotus Inotes,Lotus Notes,Lotus Notes Traveler",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-06-21T17:00:00.000Z,0
CVE-2013-2977,https://securityvulnerability.io/vulnerability/CVE-2013-2977,,"Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and 9.x before 9.0 Interim Fix 1 on Windows, and 8.5.x before 8.5.3 FP5 and 9.x before 9.0.1 on Linux, allows remote attackers to execute arbitrary code via a malformed PNG image in a previewed e-mail message, aka SPR NPEI96K82Q.",IBM,Lotus Notes,,,0.3968000113964081,false,,false,false,true,2020-01-03T15:55:12.000Z,true,false,false,,2013-05-10T10:00:00.000Z,0
CVE-2013-0538,https://securityvulnerability.io/vulnerability/CVE-2013-0538,,"Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.",IBM,Lotus Notes,,,0.002050000010058284,false,,false,false,false,,,false,false,,2013-05-01T10:00:00.000Z,0
CVE-2013-0127,https://securityvulnerability.io/vulnerability/CVE-2013-0127,,"IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49.",IBM,Lotus Notes,,,0.007069999817758799,false,,false,false,false,,,false,false,,2013-05-01T10:00:00.000Z,0
CVE-2012-4821,https://securityvulnerability.io/vulnerability/CVE-2012-4821,,"Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via ""insecure use"" of the (1) java.lang.Class getDeclaredMethods or nd (2) java.lang.reflect.AccessibleObject setAccessible() methods.",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.4424299895763397,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4822,https://securityvulnerability.io/vulnerability/CVE-2012-4822,,"Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allow remote attackers to execute arbitrary code via vectors related to ""insecure use [of] multiple methods in the java.lang.class class.""",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.8727999925613403,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4820,https://securityvulnerability.io/vulnerability/CVE-2012-4820,,"Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, when running under a security manager, allows remote attackers to gain privileges by modifying or removing the security manager via vectors related to ""insecure use of the java.lang.reflect.Method invoke() method.""",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.2008800059556961,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4823,https://securityvulnerability.io/vulnerability/CVE-2012-4823,,"Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600, Tivoli Remote Control 5.1.2, WebSphere Real Time, Lotus Notes & Domino, Tivoli Storage Productivity Center, and Service Deliver Manager; and other products from other vendors such as Red Hat, allows remote attackers to execute arbitrary code via vectors related to ""insecure use of the java.lang.ClassLoder defineClass() method.""",IBM,"Lotus Domino,5.1.1,Lotus Notes,Lotus Notes Traveler,Rational Host On-demand,Tivoli Monitoring,Smart Analytics System 5600 Software,Rational Change,Lotus Notes Sametime,Websphere Real Time,Tivoli Remote Control,Service Delivery Manager,5.0,Smart Analytics System 5600,5.1,Java",,,0.8605200052261353,false,,false,false,false,,,false,false,,2013-01-11T00:00:00.000Z,0
CVE-2012-4846,https://securityvulnerability.io/vulnerability/CVE-2012-4846,,"IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, aka SPRs JMAS7TRNLN and SRAO8U3Q68.",IBM,Lotus Notes,,,0.0028899998869746923,false,,false,false,false,,,false,false,,2012-12-19T11:00:00.000Z,0