Vulnerabilities > Synacor > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-17 CVE-2022-3569 Unspecified vulnerability in Synacor Zimbra Collaboration Suite
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
local
low complexity
synacor
7.8
2020-01-27 CVE-2014-8563 OS Command Injection vulnerability in Synacor Zimbra Collaboration Server
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.
network
low complexity
synacor CWE-78
7.5
2019-05-29 CVE-2019-6980 Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
network
low complexity
synacor CWE-502
7.5
2019-05-29 CVE-2018-20160 XXE vulnerability in Synacor Zimbra Collaboration Suite
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
network
low complexity
synacor CWE-611
7.5
2017-05-23 CVE-2017-6821 Path Traversal vulnerability in Synacor Zimbra Collaboration Suite
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.
network
low complexity
zimbra synacor CWE-22
7.5
2017-05-23 CVE-2017-6813 Privilege Escalation vulnerability in Synacor Zimbra Collaboration Suite
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.
network
low complexity
zimbra synacor
7.5
2017-03-29 CVE-2016-9924 XXE vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
network
low complexity
zimbra synacor CWE-611
7.5