Vulnerabilities > Synacor > Zimbra Collaboration Suite > 8.7.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-17 | CVE-2022-3569 | Unspecified vulnerability in Synacor Zimbra Collaboration Suite Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'. | 7.8 |
| 2020-07-02 | CVE-2020-13653 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. | 4.3 |
| 2020-06-03 | CVE-2020-12846 | Unrestricted Upload of File with Dangerous Type vulnerability in Synacor Zimbra Collaboration Suite Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. | 6.0 |
| 2020-02-18 | CVE-2020-8633 | Improper Preservation of Permissions vulnerability in Synacor Zimbra Collaboration Suite An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. | 5.0 |
| 2020-02-18 | CVE-2020-7796 | Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | 6.8 |
| 2019-05-30 | CVE-2018-14425 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. | 4.3 |
| 2019-05-30 | CVE-2018-15131 | Information Exposure vulnerability in Synacor Zimbra Collaboration Suite An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. | 5.0 |
| 2019-05-29 | CVE-2019-9670 | XXE vulnerability in Synacor Zimbra Collaboration Suite mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | 7.5 |
| 2019-05-29 | CVE-2019-6981 | Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | 4.0 |
| 2019-05-29 | CVE-2019-6980 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | 7.5 |