Skip to main content

Zarafa

6 CVEs product

Monthly

CVE-2021-28994 HIGH POC This Week

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Groupware Core Zarafa
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2014-5448 LOW Monitor

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zarafa
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-5447 LOW Monitor

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

PHP Information Disclosure Webapp Zarafa
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2014-0103 LOW Monitor

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

PHP Information Disclosure Apache Webapp Zarafa +1
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-0079 MEDIUM This Month

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zarafa
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-0037 MEDIUM This Month

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zarafa
NVD VulDB
CVSS 2.0
5.0
EPSS
0.7%
EPSS 2% CVSS 7.5
HIGH POC This Week

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Groupware Core Zarafa
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zarafa
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

PHP Information Disclosure Webapp +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

PHP Information Disclosure Apache +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zarafa
NVD VulDB
EPSS 1% CVSS 5.0
MEDIUM This Month

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Zarafa
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy