Filtered by vendor Horde
Subscriptions
Total
114 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9773 | 1 Horde | 1 Horde Image | 2024-11-21 | N/A |
| Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | ||||
| CVE-2017-7414 | 1 Horde | 1 Groupware | 2024-11-21 | N/A |
| In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (that is maliciously crafted) to the Horde user, who then must either view or preview it. | ||||
| CVE-2017-7413 | 1 Horde | 1 Groupware | 2024-11-21 | N/A |
| In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. | ||||
| CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2024-11-21 | N/A |
| The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | ||||
| CVE-2017-17688 | 11 Apple, Bloop, Emclient and 8 more | 11 Mail, Airmail, Emclient and 8 more | 2024-11-21 | N/A |
| The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification | ||||
| CVE-2017-16908 | 1 Horde | 1 Groupware | 2024-11-21 | N/A |
| In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed. | ||||
| CVE-2017-16907 | 1 Horde | 1 Groupware | 2024-11-21 | N/A |
| In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | ||||
| CVE-2017-16906 | 1 Horde | 1 Groupware | 2024-11-21 | N/A |
| In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | ||||
| CVE-2017-15235 | 1 Horde | 1 Groupware | 2024-11-21 | N/A |
| The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename. | ||||
| CVE-2017-14650 | 1 Horde | 1 Horde Image Api | 2024-11-21 | N/A |
| A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes ImageMagick's "convert" utility. It's not exploitable through any Horde application, because the code path to the vulnerability is not used by any Horde code. Custom applications using the Horde_Image library might be affected. This vulnerability affects all versions of Horde_Image from 2.0.0 to 2.5.1, and is fixed in 2.5.2. The problem is missing input validation of the index field in _raw() during construction of an ImageMagick command line. | ||||
| CVE-2014-3999 | 1 Horde | 1 Horde Ldap | 2024-11-21 | N/A |
| The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. | ||||
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 5.3 Medium |
| Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | ||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.8 High |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | ||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.5 Medium |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | ||||