4 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1

CVE-2021-28994

https://notcve.org/view.php?id=CVE-2021-28994

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers. kopano-ical (anteriormente zarafa-ical) en Kopano Groupware Core versión hasta 8.7.16, 9.x hasta 9.1.0, 10.x hasta 10.0.7, y 11.xa hasta11.0.1 y Zarafa 6.30.x hasta 7.2.x, permite el agotamiento de la memoria a través de encabezados HTTP largos. • http://www.openwall.com/lists/oss-security/2021/04/01/1 http://www.openwall.com/lists/oss-security/2021/04/25/1 https://www.openwall.com/lists/oss-security/2021/03/19/6 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.0EPSS: 4%CPEs: 29EXPL: 1

CVE-2014-9465

https://notcve.org/view.php?id=CVE-2014-9465

senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files. senddocument.php en Zarafa WebApp anterior a 2.0 beta 3 y WebAccess en Zarafa Collaboration Platform (ZCP) 7.x anterior a 7.1.12 beta 1 y 7.2.x anterior a 7.2.0 beta 1 permite a atacantes remotos causar una denegación de servicio (consumo de disco /tmp) mediante la subida de un número grande de ficheros. • http://advisories.mageia.org/MGASA-2015-0049.html http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html http://security.robert-scheck.de/cve-2014-9465-zarafa http://www.mandriva.com/security/advisories?name=MDVSA-2015:040 http://www.openwall.com/lists • CWE-399: Resource Management Errors •

CVSS: 2.1EPSS: 0%CPEs: 24EXPL: 0

CVE-2014-0103

https://notcve.org/view.php?id=CVE-2014-0103

WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files. WebAccess en Zarafa anterior a 7.1.10 y WebApp anterior a 1.6 almacena las credenciales en texto claro, lo que permite a usuarios locales de Apache obtener información sensible mediante la lectura de los ficheros PHP de sesión. • http://advisories.mageia.org/MGASA-2014-0380.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 http://www.securityfocus.com/bid/68247 https://bugzilla.redhat.com/show_bug.cgi?id=1073618 • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

CVE-2014-0079

https://notcve.org/view.php?id=CVE-2014-0079

The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password." La función ValidateUserLogon en provider/libserver/ECSession.cpp en Zarafa 7.1.8, 6.20.0 y anteriores, cuando utiliza ciertas condiciones build, permite a atacantes remotos causar una denegación de servicio (caída) a través de vectores relacionados con "un puntero nulo de la contraseña." • http://www.mandriva.com/security/advisories?name=MDVSA-2014:044 https://bugzilla.redhat.com/show_bug.cgi?id=1059903 • CWE-20: Improper Input Validation •