Vulnerabilities > Synacor > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-30 | CVE-2018-15131 | Information Exposure vulnerability in Synacor Zimbra Collaboration Suite An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. | 5.0 |
| 2019-05-29 | CVE-2019-6981 | Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | 4.0 |
| 2019-05-29 | CVE-2018-18631 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. | 4.3 |
| 2019-05-29 | CVE-2018-14013 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. | 4.3 |
| 2018-10-03 | CVE-2018-17938 | Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | 5.0 |
| 2018-05-30 | CVE-2018-10939 | Cross-site Scripting vulnerability in multiple products Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | 4.3 |
| 2018-05-30 | CVE-2015-7610 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | 6.8 |
| 2018-05-10 | CVE-2018-10951 | Unspecified vulnerability in Zimbra Collaboration Suite mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | 4.0 |
| 2018-05-10 | CVE-2018-10950 | Information Exposure vulnerability in Synacor Zimbra Collaboration Suite mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump. | 5.0 |
| 2018-05-10 | CVE-2018-10949 | Information Exposure Through Discrepancy vulnerability in Synacor Zimbra Collaboration Suite mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors. | 5.0 |