Notes Hcltech Notes

Do you want an email whenever new security vulnerabilities are reported in Hcltech Notes?

By the Year

In 2021 there have been 0 vulnerabilities in Hcltech Notes . Last year Notes had 7 security vulnerabilities published. Right now, Notes is on track to have less security vulnerabilities in 2021 than it did last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 7 7.93
2019 0 0.00
2018 0 0.00

It may take a day or so for new Notes vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Hcltech Notes Security Vulnerabilities

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow

CVE-2020-14224 9.8 - Critical - December 18, 2020

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.

Memory Corruption

A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow

CVE-2020-14232 8.8 - High - December 18, 2020

A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow

CVE-2020-14268 9.8 - Critical - December 14, 2020

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.

Memory Corruption

HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input

CVE-2020-4102 6.7 - Medium - December 02, 2020

HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.

Classic Buffer Overflow

HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input

CVE-2020-14258 7.5 - High - November 21, 2020

HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.

Improper Input Validation

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8

CVE-2020-4097 6.8 - Medium - November 05, 2020

In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.

Classic Buffer Overflow

HCL Notes versions previous to releases 9.0.1 FP10 IF8

CVE-2020-14240 6.1 - Medium - November 05, 2020

HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.

XSS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Hcltech Notes or by Hcltech? Click the Watch button to subscribe.

subscribe