kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Max CVSS
7.5
EPSS Score
0.13%
Published
2021-03-31
Updated
2022-07-12
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Max CVSS
6.1
EPSS Score
0.11%
Published
2019-04-11
Updated
2019-04-26
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
Max CVSS
8.4
EPSS Score
0.09%
Published
2016-01-11
Updated
2016-01-13
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
Max CVSS
6.6
EPSS Score
0.04%
Published
2015-06-09
Updated
2016-12-06
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
Max CVSS
5.0
EPSS Score
4.87%
Published
2015-02-19
Updated
2016-04-07
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
Max CVSS
5.5
EPSS Score
0.04%
Published
2018-03-19
Updated
2018-04-20
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
Max CVSS
5.0
EPSS Score
0.34%
Published
2014-04-28
Updated
2014-04-29
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
Max CVSS
5.0
EPSS Score
0.96%
Published
2014-04-28
Updated
2014-04-29
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!