Vulnerabilities > Kopano
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-01 | CVE-2022-26562 | Improper Authentication vulnerability in Kopano Groupware Core 11.0.2.51 An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. | 9.8 |
2021-03-31 | CVE-2021-28994 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. | 7.5 |
2019-12-19 | CVE-2019-19907 | Classic Buffer Overflow vulnerability in Kopano Groupware Core HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data. | 9.8 |
2017-07-26 | CVE-2017-11666 | Cross-site Scripting vulnerability in Kopano Webapp 3.3.0 Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file. | 6.1 |