Vulnerabilities > Synacor > Zimbra Collaboration Suite > 8.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2022-3569 | Unspecified vulnerability in Synacor Zimbra Collaboration Suite Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. | 7.8 |
| 2020-07-02 | CVE-2020-13653 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. | 4.3 |
| 2020-06-03 | CVE-2020-12846 | Unrestricted Upload of File with Dangerous Type vulnerability in Synacor Zimbra Collaboration Suite Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. | 6.0 |
| 2020-02-18 | CVE-2020-8633 | Improper Preservation of Permissions vulnerability in Synacor Zimbra Collaboration Suite An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. | 5.0 |
| 2020-02-18 | CVE-2020-7796 | Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | 6.8 |
| 2019-05-30 | CVE-2015-7609 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite 8.6.0 Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra. | 4.3 |
| 2019-05-30 | CVE-2018-14425 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. | 4.3 |
| 2019-05-30 | CVE-2018-10948 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. | 3.5 |
| 2019-05-30 | CVE-2018-15131 | Information Exposure vulnerability in Synacor Zimbra Collaboration Suite An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. | 5.0 |
| 2019-05-29 | CVE-2018-18631 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. | 4.3 |