Filtered by vendor Ibm Subscriptions
Filtered by product Lotus Notes Traveler Subscriptions
Total 25 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-5309 1 Ibm 1 Lotus Notes Traveler 2024-09-17 N/A
servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 does not properly restrict invalid authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2010-4548 1 Ibm 1 Lotus Notes Traveler 2024-09-17 N/A
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (daemon crash) by accepting a meeting invitation with an iNotes client and then accepting this meeting invitation with an iPhone client.
CVE-2010-4547 1 Ibm 1 Lotus Notes Traveler 2024-09-17 N/A
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
CVE-2010-4545 1 Ibm 1 Lotus Notes Traveler 2024-09-17 N/A
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (resource consumption and sync outage) by syncing a large volume of data.
CVE-2010-4551 1 Ibm 1 Lotus Notes Traveler 2024-09-17 N/A
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by omitting the Internet ID field in the person document, and then using an Apple device to (1) accept or (2) decline an invitation.
CVE-2009-5035 1 Ibm 1 Lotus Notes Traveler 2024-09-17 N/A
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages.
CVE-2010-4553 1 Ibm 1 Lotus Notes Traveler 2024-09-17 N/A
An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 does not properly handle MIME types, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVE-2012-4825 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.
CVE-2010-4550 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to cause a denial of service (sync failure) via a malformed document.
CVE-2012-4824 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter.
CVE-2010-4552 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote attackers to cause a denial of service (memory consumption and daemon outage) by sending many embedded objects in e-mail messages for iPhone clients.
CVE-2012-5307 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
CVE-2012-5308 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action.
CVE-2010-4546 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment download request for an e-mail message with a Prevent Copy attribute, which allows remote authenticated users to bypass intended access restrictions via this request.
CVE-2009-5036 1 Ibm 1 Lotus Notes Traveler 2024-09-16 N/A
traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows remote authenticated users to cause a denial of service (daemon crash) via a malformed invitation document in a sync operation.
CVE-2010-4549 2 Ibm, Nokia 2 Lotus Notes Traveler, S60 2024-09-16 N/A
IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device successfully performs a Replace Data operation for a prohibited application, which allows remote authenticated users to bypass intended access restrictions via this operation.
CVE-2009-5034 1 Ibm 1 Lotus Notes Traveler 2024-08-07 N/A
IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated users to cause a denial of service (memory consumption and daemon crash) by syncing a large volume of data, related to the launch of a new process to handle the data while the previous process is still operating on the data.
CVE-2009-5033 1 Ibm 1 Lotus Notes Traveler 2024-08-07 N/A
IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a "* *" argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread.
CVE-2009-5032 1 Ibm 1 Lotus Notes Traveler 2024-08-07 N/A
The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
CVE-2010-4544 1 Ibm 1 Lotus Notes Traveler 2024-08-07 N/A
Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.