Zarafa

zarafa

12 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Zarafa Collaboration Platform

zarafa_collaboration_platform

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-28994 2Kopano Zarafa 2Groupware Core Zarafa Nov 21, 2024 Mar 31, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
CVE-2019-7219 1Zarafa 1Webaccess Nov 21, 2024 Apr 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa...Show more Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.Show less
CVE-2014-5450 1Zarafa 1Zarafa Collaboration Platform Nov 21, 2024 Mar 19, 2018 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
CVE-2015-6566 2Fedoraproject Zarafa 2Fedora Zarafa Collaboration Platform May 6, 2026 Jan 11, 2016 N/A· v4 8.4 HIGH· v3 7.2 HIGH· v2 zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
CVE-2015-3436 1Zarafa 1Zarafa Collaboration Platform May 6, 2026 Jun 9, 2015 N/A· v4 N/A· v3 6.6 MEDIUM· v2 provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
CVE-2014-9465 2Fedoraproject Zarafa 3Fedora WebappZarafa Collaboration Platform May 6, 2026 Feb 19, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp d...Show more senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.Show less
CVE-2014-5449 1Zarafa 2Webaccess Webapp May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
CVE-2014-5448 1Zarafa 1Zarafa May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
CVE-2014-5447 1Zarafa 2Webapp Zarafa May 6, 2026 Oct 20, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because...Show more Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.Show less
CVE-2014-0103 2Fedoraproject Zarafa 3Fedora WebappZarafa May 6, 2026 Jul 29, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
CVE-2014-0079 1Zarafa 1Zarafa May 6, 2026 Apr 28, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors relat...Show more The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."Show less
CVE-2014-0037 1Zarafa 1Zarafa May 6, 2026 Apr 28, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."