Filtered by vendor Open-xchange
Total: 246 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2023-24603 | 1 Open-xchange | 1 Ox App Suite | 2024-08-02 | 6.5 Medium | OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data. |
CVE-2023-24604 | 1 Open-xchange | 1 Ox App Suite | 2024-08-02 | 4.3 Medium | OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data. |
CVE-2023-24597 | 1 Open-xchange | 1 Ox App Suite | 2024-08-02 | 5.3 Medium | OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing. |
CVE-2023-24602 | 1 Open-xchange | 1 Ox App Suite | 2024-08-02 | 6.1 Medium | OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. |
CVE-2023-24605 | 1 Open-xchange | 1 Ox App Suite | 2024-08-02 | 4.2 Medium | OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. |
CVE-2023-24598 | 1 Open-xchange | 1 Ox App Suite | 2024-08-02 | 4.3 Medium | OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. |