Vulnerabilities > Kopano

DATE CVE VULNERABILITY TITLE RISK
2022-04-01 CVE-2022-26562 Improper Authentication vulnerability in Kopano Groupware Core 11.0.2.51
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired.
network
low complexity
kopano CWE-287
critical
9.8
2021-03-31 CVE-2021-28994 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
network
low complexity
kopano zarafa CWE-770
5.0
2019-12-19 CVE-2019-19907 Classic Buffer Overflow vulnerability in Kopano Groupware Core
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.
network
low complexity
kopano CWE-120
critical
9.8
2017-07-26 CVE-2017-11666 Cross-site Scripting vulnerability in Kopano Webapp
Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.
network
kopano CWE-79
4.3