Vulnerabilities > Synacor > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-30 CVE-2018-15131 Information Exposure vulnerability in Synacor Zimbra Collaboration Suite
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3.
network
low complexity
synacor CWE-200
5.0
2019-05-29 CVE-2019-6981 Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
network
low complexity
synacor CWE-918
4.0
2019-05-29 CVE-2018-18631 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
The mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
network
synacor CWE-79
4.3
2019-05-29 CVE-2018-14013 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite before 8.8.11 has XSS in the AJAX and HTML web clients.
network
synacor CWE-79
4.3
2018-10-03 CVE-2018-17938 Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
network
low complexity
synacor CWE-345
5.0
2018-05-30 CVE-2018-10939 Cross-site Scripting vulnerability in multiple products
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
4.3
2018-05-30 CVE-2015-7610 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
6.8
2018-05-10 CVE-2018-10951 Unspecified vulnerability in Zimbra Collaboration Suite
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
network
low complexity
zimbra synacor
4.0
2018-05-10 CVE-2018-10950 Information Exposure vulnerability in Synacor Zimbra Collaboration Suite
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
network
low complexity
synacor CWE-200
5.0
2018-05-10 CVE-2018-10949 Information Exposure Through Discrepancy vulnerability in Synacor Zimbra Collaboration Suite
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
network
low complexity
synacor CWE-203
5.0