Hcltech Notes
By the Year
In 2023 there have been 0 vulnerabilities in Hcltech Notes . Last year Notes had 3 security vulnerabilities published. Right now, Notes is on track to have less security vulnerabilities in 2023 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 0 | 0.00 |
2022 | 3 | 7.80 |
2021 | 0 | 0.00 |
2020 | 7 | 7.93 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Notes vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Hcltech Notes Security Vulnerabilities
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView
CVE-2022-44755
7.8 - High
- December 19, 2022
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44751. This vulnerability applies to software previously licensed by IBM.
Memory Corruption
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView
CVE-2022-44753
7.8 - High
- December 19, 2022
HCL Notes is susceptible to a stack based buffer overflow vulnerability in wp6sr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted WordPerfect file. This vulnerability applies to software previously licensed by IBM.
Memory Corruption
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView
CVE-2022-44751
7.8 - High
- December 19, 2022
HCL Notes is susceptible to a stack based buffer overflow vulnerability in lasr.dll in Micro Focus KeyView. This could allow a remote unauthenticated attacker to crash the application or execute arbitrary code via a crafted Lotus Ami Pro file. This is different from the vulnerability described in CVE-2022-44755. This vulnerability applies to software previously licensed by IBM.
Memory Corruption
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow
CVE-2020-14224
9.8 - Critical
- December 18, 2020
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
Memory Corruption
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow
CVE-2020-14232
8.8 - High
- December 18, 2020
A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow
CVE-2020-14268
9.8 - Critical
- December 14, 2020
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
Memory Corruption
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input
CVE-2020-4102
6.7 - Medium
- December 02, 2020
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.
Classic Buffer Overflow
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input
CVE-2020-14258
7.5 - High
- November 21, 2020
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected.
Improper Input Validation
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8
CVE-2020-4097
6.8 - Medium
- November 05, 2020
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
Classic Buffer Overflow
HCL Notes versions previous to releases 9.0.1 FP10 IF8
CVE-2020-14240
6.1 - Medium
- November 05, 2020
HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and 11.0.1 FP1 is susceptible to a Stored Cross-site Scripting (XSS) vulnerability. An attacker could use this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Hcltech Notes or by Hcltech? Click the Watch button to subscribe.
