Filtered by vendor Synacor
Subscriptions
Filtered by product Zimbra Collaboration Suite
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3569 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 7.8 High |
| Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. | ||||
| CVE-2020-8633 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. | ||||
| CVE-2020-7796 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 9.8 Critical |
| Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | ||||
| CVE-2020-18985 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | ||||
| CVE-2020-18984 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | ||||
| CVE-2020-13653 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature. | ||||
| CVE-2020-12846 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 8.0 High |
| Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution. | ||||
| CVE-2019-9670 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 9.8 Critical |
| mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | ||||
| CVE-2019-6981 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | ||||
| CVE-2019-6980 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | ||||
| CVE-2018-6882 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. | ||||
| CVE-2018-20160 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | ||||
| CVE-2018-18631 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. | ||||
| CVE-2018-17938 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | ||||
| CVE-2018-15131 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests. | ||||
| CVE-2018-14425 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. | ||||
| CVE-2018-14013 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. | ||||
| CVE-2018-10951 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2024-11-21 | N/A |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | ||||
| CVE-2018-10950 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump. | ||||
| CVE-2018-10949 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | N/A |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors. | ||||