Every CVE whose affected-product data names Ibm Lotus Domino, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (86)
CVE-2010-0276 — CVSS 10.0 (critical): IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for Domino 8.0.2 FP3 does not properly handle navigation of the "Try Lotus…
CVE-2008-2240 — CVSS 10.0 (critical): Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers…
CVE-2007-1675 — CVSS 10.0 (critical): Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before…
CVE-2011-0919 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary…
CVE-2006-0119 — CVSS 10.0 (critical): Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to…
CVE-2011-0916 — CVSS 10.0 (critical): Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in…
CVE-2011-0914 — CVSS 10.0 (critical): Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers…
CVE-2011-1519 — CVSS 10.0 (critical): The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share…
CVE-2011-0913 — CVSS 10.0 (critical): Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote…
CVE-2010-0358 — CVSS 10.0 (critical): Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon…
CVE-2011-0915 — CVSS 10.0 (critical): Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long…
CVE-2011-0917 — CVSS 10.0 (critical): Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind…
CVE-2011-0918 — CVSS 10.0 (critical): Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via…
CVE-2012-4822 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and…
CVE-2011-0920 — CVSS 9.3 (critical): The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote…
CVE-2012-4821 — CVSS 9.3 (critical): Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and…
CVE-2012-4820 — CVSS 9.3 (critical): Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5…
CVE-2013-3027 — CVSS 9.3 (critical): Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via…
CVE-2007-0068 — CVSS 9.3 (critical): IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows…
CVE-2012-4823 — CVSS 9.3 (critical): Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5…
CVE-2010-3407 — CVSS 9.3 (critical): Stack-based buffer overflow in the MailCheck821Address function in nnotes.dll in the nrouter.exe service in the server in IBM Lotus Domino…
CVE-2007-3510 — CVSS 9.0 (critical): Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to…
CVE-2011-3575 — CVSS 9.0 (critical): Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users…
CVE-2013-0487 — CVSS 8.5 (high): The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of…
CVE-2006-0121 — CVSS 7.8 (high): Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption…
CVE-2005-2712 — CVSS 7.8 (high): The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service…
CVE-2007-1739 — CVSS 7.8 (high): Heap-based buffer overflow in the LDAP server in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a…
CVE-2014-0822 — CVSS 7.8 (high): The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x before 9.0.1 FP1 allows remote attackers to cause a denial of service…
CVE-2011-1393 — CVSS 7.8 (high): Unspecified vulnerability in the authentication functionality in the server in IBM Lotus Domino 8.x before 8.5.2 FP4 allows remote…
CVE-2007-5544 — CVSS 7.8 (high): IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before 6.5.5 FP3, and 7.x before 7.0.2 FP1; uses weak permissions…
CVE-2008-0243 — CVSS 7.8 (high): Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 allows attackers to cause a denial of service via unknown vectors.
CVE-2004-0669 — CVSS 7.5 (high): Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.
CVE-2014-3086 — CVSS 7.5 (high): Unspecified vulnerability in the IBM Java Virtual Machine, as used in IBM WebSphere Real Time 3 before Service Refresh 7 FP1 and other…
CVE-2002-0086 — CVSS 7.2 (high): Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1)…
CVE-2011-1520 — CVSS 7.2 (high): The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows…
CVE-2006-5818 — CVSS 7.2 (high): Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges…
CVE-2013-4068 — CVSS 7.1 (high): Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 before IF4 allows remote authenticated users to execute arbitrary code…
CVE-2007-0977 — CVSS 7.1 (high): IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner…
CVE-2005-4819 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote…
CVE-2004-2369 — CVSS 6.4 (medium): Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot…
CVE-2007-5700 — CVSS 6.3 (medium): The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses an incorrect security context for @ formula commands in some…
CVE-2013-4050 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote…
CVE-2013-0489 — CVSS 6.0 (medium): Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote…
CVE-2012-4842 — CVSS 5.8 (medium): Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to…
CVE-2000-1215 — CVSS 5.0 (medium): The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP…
CVE-2001-1567 — CVSS 5.0 (medium): Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly…
CVE-2002-1624 — CVSS 5.0 (medium): Buffer overflow in Lotus Domino web server before R5.0.10, when logging to DOMLOG.NSF, allows remote attackers to cause a denial of service…
CVE-2002-2014 — CVSS 5.0 (medium): Lotus Domino 5.0.8 web server returns different error messages when a valid or invalid user is provided in HTTP requests, which allows…
CVE-2003-0122 — CVSS 5.0 (medium): Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via…
CVE-2003-0123 — CVSS 5.0 (medium): Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of…
CVE-2005-1441 — CVSS 5.0 (medium): Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service…
CVE-2005-2428 — CVSS 5.0 (medium): Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields…
CVE-2006-0117 — CVSS 5.0 (medium): Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via…
CVE-2006-0118 — CVSS 5.0 (medium): Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of…
CVE-2006-0120 — CVSS 5.0 (medium): Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service…
CVE-2009-1286 — CVSS 5.0 (medium): The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of…
CVE-2009-3087 — CVSS 5.0 (medium): Unspecified vulnerability in nserver.exe in the server in IBM Lotus Domino 8.0 on Windows Server 2003 allows remote attackers to cause a…
CVE-2014-0892 — CVSS 5.0 (medium): IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 FP1 on 32-bit Linux platforms use incorrect gcc options, which makes…
CVE-2004-0029 — CVSS 4.6 (medium): Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to…
CVE-2011-3576 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2010-0927 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x…
CVE-2007-5924 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2…
CVE-2012-4844 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject…
CVE-2013-0486 — CVSS 4.3 (medium): Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon…
CVE-2013-0488 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to…
CVE-2006-4843 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1…
CVE-2012-3302 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary…
CVE-2013-3990 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to…
CVE-2013-4063 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to…
CVE-2004-2310 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or…
CVE-2013-5388 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject…
CVE-2013-5389 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject…
CVE-2004-1621 — CVSS 4.3 (medium): NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and…
CVE-2014-0913 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino 8.5.3 FP6 before IF2 and 9.0.1 before FP1 allows remote attackers to…
CVE-2012-3301 — CVSS 4.3 (medium): Multiple CRLF injection vulnerabilities in the HTTP server in IBM Lotus Domino 8.5.x before 8.5.4 allow remote attackers to inject…
CVE-2013-0595 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to…
CVE-2005-3015 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2013-3032 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to…
CVE-2004-2311 — CVSS 3.6 (low): Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence…
CVE-2013-0591 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to…
CVE-2013-4055 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated…
CVE-2013-0590 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to…
CVE-2013-4051 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated…
CVE-2013-4065 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is…
CVE-2007-5701 — CVSS 2.1 (low): Incomplete blacklist vulnerability in the Certificate Authority (CA) in IBM Lotus Domino before 7.0.3 allows local users, or attackers with…
CVE-2013-4064 — CVSS 2.1 (low): Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is…