CVSS: 7.5 | EPSS: 0% | CPEs: 5 | EXPL: 1

31 Mar 2021 — kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. • http://www.openwall.com/lists/oss-security/2021/04/01/1 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 8.4 | EPSS: 0% | CPEs: 2 | EXPL: 0

11 Jan 2016 — zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

09 Jun 2015 — provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock. • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 7.5 | EPSS: 2% | CPEs: 29 | EXPL: 1

10 Feb 2015 — senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. • http://advisories.mageia.org/MGASA-2015-0049.html • CWE-399: Resource Management Errors

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Sep 2014 — Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files. Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files... • http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

25 Sep 2014 — Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103. • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

25 Sep 2014 — Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files. Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. Thi... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 24 | EXPL: 0

29 Jul 2014 — WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. Robert Scheck reported that Zarafa's WebAccess stored session information, including login creden... • http://advisories.mageia.org/MGASA-2014-0380.html • CWE-310: Cryptographic Issues

CVSS: 7.5 | EPSS: 0% | CPEs: 71 | EXPL: 0

20 Feb 2014 — The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username." Robert Scheck discovered multiple vulnera... • http://www.mandriva.com/security/advisories?name=MDVSA-2014:044 • CWE-20: Improper Input Validation

CVSS: 7.5 | EPSS: 0% | CPEs: 15 | EXPL: 0

20 Feb 2014 — The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password." • http://www.mandriva.com/security/advisories?name=MDVSA-2014:044 • CWE-20: Improper Input Validation