Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Ibm Subscribe
Filtered by product Lotus Domino
Total 106 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-5059 1 Ibm 2 Lotus Domino, Lotus Quickr 2025-04-11 3.5 LOW N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 services for Lotus Domino might allow remote authenticated users to cause a denial of service (daemon crash) by checking out a document that is accessed through a connector, aka SPR MMOI7PSR8J.
CVE-2011-1424 3 Emc, Ibm, Microsoft 4 Sourceone Email Management, Lotus Domino, Lotus Notes and 1 more 2025-04-11 3.5 LOW N/A
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
CVE-2010-0918 1 Ibm 2 Lotus Domino, Lotus Inotes 2025-04-11 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.
CVE-2012-3301 1 Ibm 1 Lotus Domino 2025-04-11 4.3 MEDIUM N/A
Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input involving (1) Mozilla Firefox 3.0.9 and earlier or (2) unspecified browsers.
CVE-2013-4051 1 Ibm 1 Lotus Domino 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4055.
CVE-2011-1520 1 Ibm 1 Lotus Domino 2025-04-11 7.2 HIGH N/A
The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command.
CVE-2011-0918 1 Ibm 1 Lotus Domino 2025-04-11 10.0 HIGH N/A
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail messages, aka SPR KLYH87LKRE.
CVE-2011-0913 1 Ibm 1 Lotus Domino 2025-04-11 10.0 HIGH N/A
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString request, related to the local variable cache.
CVE-2013-0591 1 Ibm 2 Lotus Domino, Lotus Inotes 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0590.
CVE-2011-0916 1 Ibm 1 Lotus Domino 2025-04-11 10.0 HIGH N/A
Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, aka SPR KLYH889M8H.
CVE-2012-4842 1 Ibm 1 Lotus Domino 2025-04-11 5.8 MEDIUM N/A
Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-3990 1 Ibm 1 Lotus Domino 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2.
CVE-2013-3027 1 Ibm 1 Lotus Domino 2025-04-11 9.3 HIGH N/A
Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.
CVE-2009-5061 1 Ibm 2 Lotus Domino, Lotus Quickr 2025-04-11 2.1 LOW N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N.
CVE-2008-7286 1 Ibm 2 Lotus Domino, Lotus Quickr 2025-04-11 3.5 LOW N/A
IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not properly handle URLs that request images, which allows remote authenticated users to cause a denial of service (daemon crash) via a request to resources.nsf, aka SPR XFXF7JDBCX.
CVE-2011-0920 1 Ibm 1 Lotus Domino 2025-04-11 9.3 HIGH N/A
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
CVE-2011-0917 1 Ibm 1 Lotus Domino 2025-04-11 10.0 HIGH N/A
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
CVE-2013-0488 1 Ibm 1 Lotus Domino 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0921 1 Ibm 2 Lotus Domino, Lotus Inotes 2025-04-11 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
CVE-2011-1519 1 Ibm 1 Lotus Domino 2025-04-11 10.0 HIGH N/A
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.