The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of IBM Lotus Notes

HCL Notes: denial of service via Email Message
An attacker can trigger a fatal error via an Email Message in HCL Notes, in order to cause a denial of service...
CVE-2020-14258, VIGILANCE-VUL-33948
HCL Notes: buffer overflow via Email Compose
An attacker can trigger a buffer overflow via Email Compose of HCL Notes, in order to trigger a denial of service, and possibly to run code...
CVE-2020-4097, VIGILANCE-VUL-33772
HCL Notes: Cross Site Scripting via HTML Emails
An attacker can trigger Cross Site Scripting via HTML Emails in HCL Notes, in order to run JavaScript code in the context of the web site...
CVE-2020-14240, VIGILANCE-VUL-33771
HCL Notes: information disclosure via Mailto
An attacker can bypass access restrictions to data via Mailto of HCL Notes, in order to obtain sensitive information...
CVE-2020-4089, KB0080343, SPR#ARUIBM4MYE, VIGILANCE-VUL-32636
SnakeYAML: external YAML entity injection
An attacker can transmit malicious YAML data to snakeyaml, in order to read a file, scan sites, or trigger a denial of service...
6198380, CVE-2017-18640, FEDORA-2020-23012fafbc, KB0085481, RHSA-2020:4807-01, VIGILANCE-VUL-32101
FasterXML jackson-databind: external XML entity injection via jackson-mapper-asl
An attacker can transmit malicious XML data via jackson-mapper-asl to FasterXML jackson-databind, in order to read a file, scan sites, or trigger a denial of service...
6198380, CVE-2019-10172, DLA-2091-1, DLA-2342-1, KB0085481, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-31485
Apache Log4j 1.2: code execution via Socket Server Deserialization
An attacker can use a vulnerability via Socket Server Deserialization of Apache Log4j 1.2, in order to run code...
6198380, 6371652, cpuapr2020, cpujul2020, CVE-2019-17571, DLA-2065-1, DSA-4686-1, KB0085481, NTAP-20200110-0001, openSUSE-SU-2020:0051-1, SUSE-SU-2020:0053-1, SUSE-SU-2020:0054-1, SUSE-SU-2020:14267-1, USN-4495-1, VIGILANCE-VUL-31193
Codehaus: code execution via Deserialization
An attacker can use a vulnerability via Deserialization of Codehaus, in order to run code...
6198380, CVE-2019-10202, KB0085481, RHSA-2019:2935-01, RHSA-2019:2936-01, RHSA-2019:2937-01, RHSA-2019:2938-01, VIGILANCE-VUL-30483
Spring Security: privilege escalation via PlaintextPasswordEncoder Null Encoded Password
An attacker can bypass restrictions via PlaintextPasswordEncoder Null Encoded Password of Spring Security, in order to escalate their privileges...
5048, CVE-2019-11272, DLA-1848-1, KB0085481, VIGILANCE-VUL-29711
jackson-databind: file reading
An attacker can read a file from a client using jackson-databind, in order to obtain sensitive information...
5048, cpujan2020, cpujul2019, cpuoct2019, CVE-2019-12086, DLA-1798-1, DSA-4452-1, FEDORA-2019-ae6a703b8f, FEDORA-2019-fb23eccc03, KB0085481, RHSA-2019:2935-01, RHSA-2019:2936-01, RHSA-2019:2937-01, RHSA-2019:2938-01, RHSA-2019:3044-01, RHSA-2019:3045-01, RHSA-2019:3046-01, RHSA-2019:3050-01, VIGILANCE-VUL-29375