Filtered by vendor Kopano Subscriptions
Filtered by product Groupware Core Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-26562 1 Kopano 1 Groupware Core 2024-11-21 9.8 Critical
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).
CVE-2021-28994 2 Kopano, Zarafa 2 Groupware Core, Zarafa 2024-11-21 7.5 High
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
CVE-2019-19907 1 Kopano 1 Groupware Core 2024-11-21 9.8 Critical
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.