Vulnerabilities > Synacor > Zimbra Collaboration Suite > 6.0.16
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-17 | CVE-2022-3569 | Unspecified vulnerability in Synacor Zimbra Collaboration Suite Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. | 7.8 |
2020-07-02 | CVE-2020-13653 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. | 4.3 |
2020-06-03 | CVE-2020-12846 | Unrestricted Upload of File with Dangerous Type vulnerability in Synacor Zimbra Collaboration Suite Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. | 6.0 |
2020-02-18 | CVE-2020-8633 | Improper Preservation of Permissions vulnerability in Synacor Zimbra Collaboration Suite An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. | 5.0 |
2020-02-18 | CVE-2020-7796 | Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | 6.8 |
2018-10-03 | CVE-2018-17938 | Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | 5.0 |
2017-05-23 | CVE-2017-7288 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-05-23 | CVE-2017-6821 | Path Traversal vulnerability in Synacor Zimbra Collaboration Suite Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | 7.5 |
2017-05-23 | CVE-2017-6813 | Privilege Escalation vulnerability in Synacor Zimbra Collaboration Suite A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. | 7.5 |
2017-05-17 | CVE-2016-3403 | Cross-Site Request Forgery (CSRF) vulnerability in Synacor Zimbra Collaboration Suite Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899. | 6.8 |