Vulnerabilities > Zarafa
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-31 | CVE-2021-28994 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. | 7.5 |
2019-04-11 | CVE-2019-7219 | Cross-site Scripting vulnerability in Zarafa Webaccess 7.2.048204 Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. | 6.1 |
2018-03-19 | CVE-2014-5450 | Information Exposure vulnerability in Zarafa Collaboration Platform 4.1 Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. | 5.5 |
2016-01-11 | CVE-2015-6566 | Link Following vulnerability in multiple products zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | 8.4 |