Vulnerabilities > Zimbra > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-07 | CVE-2023-41106 | Unspecified vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. | 7.5 |
2023-07-31 | CVE-2023-38750 | Unspecified vulnerability in Zimbra In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. | 7.5 |
2023-07-06 | CVE-2023-34193 | Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15 File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. | 8.8 |
2023-06-15 | CVE-2023-24032 | Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0 In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE). | 7.8 |
2022-12-05 | CVE-2022-45912 | Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. | 7.2 |
2022-09-26 | CVE-2022-41347 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). | 7.8 |
2022-04-21 | CVE-2022-27925 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. | 7.2 |
2021-07-02 | CVE-2021-35209 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. | 7.5 |
2017-05-23 | CVE-2017-6821 | Path Traversal vulnerability in Synacor Zimbra Collaboration Suite Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. | 7.5 |
2017-05-23 | CVE-2017-6813 | Privilege Escalation vulnerability in Synacor Zimbra Collaboration Suite A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. | 7.5 |