
18 vulnerabilities found for zarafa by zarafa

FKIE_CVE-2021-28994

Vulnerability from fkie_nvd - Published: 2021-03-31 23:15 - Updated: 2024-11-21 06:00
Summary
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kopano:groupware_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F068D9-1BEE-4559-B391-A01041894ABE",
              "versionEndIncluding": "8.7.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kopano:groupware_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFC6CE68-CEF0-42F9-8084-F4EEBF53A297",
              "versionEndIncluding": "9.1.0",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kopano:groupware_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6A95FAD-4AFD-4599-8127-BB21396BB3AB",
              "versionEndIncluding": "10.0.7",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kopano:groupware_core:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F603D119-0CBE-48A1-906B-EDD8264F296B",
              "versionEndIncluding": "11.0.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D10F93ED-7F81-46E0-9255-BD9D48D1DA3A",
              "versionEndIncluding": "7.2.6",
              "versionStartIncluding": "6.30.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
    },
    {
      "lang": "es",
      "value": "kopano-ical (anteriormente zarafa-ical) en Kopano Groupware Core versi\u00f3n hasta 8.7.16, 9.x hasta 9.1.0, 10.x hasta 10.0.7, y 11.x hasta 11.0.1 y Zarafa 6.30.x hasta 7.2.x, permite el agotamiento de la memoria a trav\u00e9s de encabezados HTTP largos."
    }
  ],
  "id": "CVE-2021-28994",
  "lastModified": "2024-11-21T06:00:29.800",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-31T23:15:11.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-5447

Vulnerability from fkie_nvd - Published: 2014-10-20 15:55 - Updated: 2025-04-12 10:46

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zarafa:webapp:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F193EC-D724-4F9B-976E-E5F1D57ED3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "15DE891E-A638-4374-99A4-E1F0154F4AD3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
    },
    {
      "lang": "es",
      "value": "Zarafa WebAccess 7.1.10 y WebApp 1.6 beta utilizan permisos (644) d\u00e9biles para config.php, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de los ficheros de las sesiones PHP. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2014-0103."
    }
  ],
  "id": "CVE-2014-5447",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-20T15:55:04.857",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q3/444"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q3/445"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/69362"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q3/444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q3/445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69362"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-5448

Vulnerability from fkie_nvd - Published: 2014-10-20 15:55 - Updated: 2025-04-12 10:46

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFE4F63-2078-480A-B72A-3DE33CDC344B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
    },
    {
      "lang": "es",
      "value": "Zarafa 5.00 utiliza permisos de lectura universal para los ficheros en el directorio del registro, lo que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de los ficheros del registro."
    }
  ],
  "id": "CVE-2014-5448",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-10-20T15:55:04.917",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q3/444"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/oss-sec/2014/q3/445"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/69365"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q3/444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/oss-sec/2014/q3/445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/69365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-0103

Vulnerability from fkie_nvd - Published: 2014-07-29 14:55 - Updated: 2025-04-12 10:46
Summary
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Impacted products
Vendor Product Version
zarafa webapp * (up to and including 1.5)
zarafa zarafa * (up to and including 7.1.9)
zarafa zarafa 7.0
zarafa zarafa 7.0.1
zarafa zarafa 7.0.2
zarafa zarafa 7.0.3
zarafa zarafa 7.0.4
zarafa zarafa 7.0.5
zarafa zarafa 7.0.6
zarafa zarafa 7.0.7
zarafa zarafa 7.0.8
zarafa zarafa 7.0.9
zarafa zarafa 7.0.10
zarafa zarafa 7.0.11
zarafa zarafa 7.0.12
zarafa zarafa 7.0.13
zarafa zarafa 7.1.0
zarafa zarafa 7.1.1
zarafa zarafa 7.1.2
zarafa zarafa 7.1.3
zarafa zarafa 7.1.4
zarafa zarafa 7.1.8
fedoraproject fedora 19
fedoraproject fedora 20

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zarafa:webapp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A4B27EE-B02D-421B-BD95-F2DB5C018D6D",
              "versionEndIncluding": "1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "28C5C692-39F1-4E64-9190-889384405F90",
              "versionEndIncluding": "7.1.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED156852-536D-4F1E-A0F6-AE56A3761B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB87FEAC-53F9-408A-ACC1-8E158C969D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3295CA-1249-486D-B8B5-BA8D3E51208E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20351915-0737-4116-A5FC-1A599CF4B58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8C5B3B-1A70-4C55-8883-C76B4E8B06E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "49114244-F5F6-4170-A774-C4464910C235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA8AC6BF-966E-4E2C-816C-8E0408371FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83BBD25D-D9D3-4AEC-BCBD-AF71B1E83306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8B82DCF-DBB2-4123-BC2C-CADA57D7BB5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9593342-5727-4321-A3D1-106B53807F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "169C423D-EC0F-4515-9D9F-5C836D317818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5918BF47-F84B-44AA-AC6F-2B6ABBDAF559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9F7FACD-C812-44E7-AD6E-BDE0D7935C90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "562E0822-7D69-4CA0-BF45-90431B902C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC4BF34-15BE-4ECE-B4F8-A0F89CEC134D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B616E103-E23C-472A-BF01-B135C7C9A91D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC44763E-0B6F-4F85-BFF4-443F8E8C1DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31107633-C2C7-45C6-AD29-C201FB9C91CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E3B86A7-D99C-48D1-83A6-74C1B03C51A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF0735C7-4626-40F9-BD84-970C120FFA09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*",
              "matchCriteriaId": "5991814D-CA77-4C25-90D2-DB542B17E0AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
    },
    {
      "lang": "es",
      "value": "WebAccess en Zarafa anterior a 7.1.10 y WebApp anterior a 1.6 almacena las credenciales en texto claro, lo que permite a usuarios locales de Apache obtener informaci\u00f3n sensible mediante la lectura de los ficheros PHP de sesi\u00f3n."
    }
  ],
  "id": "CVE-2014-0103",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-07-29T14:55:04.640",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/68247"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/68247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-0037

Vulnerability from fkie_nvd - Published: 2014-04-28 14:09 - Updated: 2025-04-12 10:46
Summary
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
Impacted products
Vendor Product Version
zarafa zarafa 5.00
zarafa zarafa 5.01
zarafa zarafa 5.02
zarafa zarafa 5.10
zarafa zarafa 5.11
zarafa zarafa 5.20
zarafa zarafa 5.22
zarafa zarafa 6.00
zarafa zarafa 6.01
zarafa zarafa 6.02
zarafa zarafa 6.03
zarafa zarafa 6.10
zarafa zarafa 6.11
zarafa zarafa 6.20
zarafa zarafa 6.20.2
zarafa zarafa 6.20.3
zarafa zarafa 6.20.5
zarafa zarafa 6.20.6
zarafa zarafa 6.20.7
zarafa zarafa 6.20.10
zarafa zarafa 6.20.11
zarafa zarafa 6.20.12
zarafa zarafa 6.30.0
zarafa zarafa 6.30.3
zarafa zarafa 6.30.4
zarafa zarafa 6.30.5
zarafa zarafa 6.30.6
zarafa zarafa 6.30.7
zarafa zarafa 6.30.8
zarafa zarafa 6.30.9
zarafa zarafa 6.30.10
zarafa zarafa 6.30.11
zarafa zarafa 6.30.13
zarafa zarafa 6.30.16
zarafa zarafa 6.30.17
zarafa zarafa 6.40.0
zarafa zarafa 6.40.2
zarafa zarafa 6.40.3
zarafa zarafa 6.40.4
zarafa zarafa 6.40.5
zarafa zarafa 6.40.6
zarafa zarafa 6.40.7
zarafa zarafa 6.40.8
zarafa zarafa 6.40.9
zarafa zarafa 6.40.10
zarafa zarafa 6.40.11
zarafa zarafa 6.40.12
zarafa zarafa 6.40.13
zarafa zarafa 6.40.14
zarafa zarafa 6.40.15
zarafa zarafa 6.40.16
zarafa zarafa 6.40.17
zarafa zarafa 7.0
zarafa zarafa 7.0.1
zarafa zarafa 7.0.2
zarafa zarafa 7.0.3
zarafa zarafa 7.0.4
zarafa zarafa 7.0.5
zarafa zarafa 7.0.6
zarafa zarafa 7.0.7
zarafa zarafa 7.0.8
zarafa zarafa 7.0.9
zarafa zarafa 7.0.10
zarafa zarafa 7.0.11
zarafa zarafa 7.0.12
zarafa zarafa 7.0.13
zarafa zarafa 7.1.0
zarafa zarafa 7.1.1
zarafa zarafa 7.1.2
zarafa zarafa 7.1.3
zarafa zarafa 7.1.4

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFE4F63-2078-480A-B72A-3DE33CDC344B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F94B071-7F2E-43FE-97CA-4D197C974113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C995CA-336C-4A1C-823D-9EBA045AD1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "58078592-63A0-4B33-9B0C-7746BC1447AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49A5667-0871-41DC-9EB6-FA023F0ED09B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "984D2E0A-5BA5-421B-84C3-679A78DB635F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3250F9C2-3C5B-4E68-A16E-2708821C27D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "423607B2-4333-490F-9C85-FFB839B62FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "538BEF9A-0FDA-4C89-A4C6-09B3800A5D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B81A4C9-9722-4F6F-A622-C906EE6032E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6AF323B-28EF-4682-91E6-F63CBE31EBF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8E76A6A-ED91-453B-BE25-A05A9AEEB09D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDBB142-6537-4E04-9217-6855CADB70C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8CD1C27-CD1D-41A0-B769-3F5AE7CA6018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1946E4AC-F8B1-41CD-8EB7-56D09CC05F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21659BE-482A-4728-BF16-30AA1B54B9A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "29CCF0DA-18CA-477F-B5C6-656A8741986C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D40D82-352E-4354-A258-2F67927BAF60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "41EBF40F-1E96-4BFE-9E3A-F0363971F334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "87625EE1-B44B-48E3-89F9-FDF73C6E7483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C745286A-7F09-4029-A853-29B5FE58ACA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF617825-5411-4261-945B-CC947DEBE2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "312953B3-DC4A-4A9E-AB7A-D2617608957A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3033976-BF73-477C-A3C2-DDB4A5A1F2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A480601-5B1C-42B2-A1ED-1ECADF27AB97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E6DB903-BB04-492E-B490-5E714570900B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F53C514B-DCDD-4D5F-8C74-CB368D9F0317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB02B61E-F4EC-4825-B68C-5A516B34D39B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "712FC963-72A1-409D-8800-ABCC22734E21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CA51E9-8A33-4B14-85B5-9F0C1A65B831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B57B6F9-C341-4B33-8C51-EDA4AC14FD8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "759A500E-C890-4EE0-A186-EEDC58A16D65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD43F29-3C58-408B-9F86-048828500E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "06DD5900-F9D6-4476-A2BC-FDCC62F24C1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.30.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "A986129F-6D72-496B-A009-115BA5FCA81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7B86CC4-B0CC-4291-AF56-62895ABB4A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3052CEFF-192A-4E2E-9B8A-6FCEA2E73592",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2AD93EE-839C-4B6C-8854-EE1FCB43FC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0826830D-3093-49EE-BCD9-AAF44EEAFF91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D109C2D4-7209-44B6-BD9E-3E15FAAC747F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "00071755-708D-4C26-8C46-9BB411B08F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A2C9AF9-57B4-4351-A099-DD65E4D21379",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B34CA27-75B8-4F9C-A3EB-FE5E731F3DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "358B0695-E72F-4ACB-96E1-7DBAE7981C77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "314222DE-45B0-400B-92DB-5F5FBB88E00F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB65E407-02A6-477A-A418-E1AB08A85307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD27350-E696-4785-BB7C-14C63B36AE07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A3CC85B-D470-4209-912A-CB1F3CE9A98E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE62658B-8535-4768-BD44-A5CF53456DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A53540-87EC-459C-AE1B-A892E818AE70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "55B3BF65-76D3-43C5-940A-E15FE1F37BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.40.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4ED0A87-B35C-4A2E-966E-8AB0A1D6A0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED156852-536D-4F1E-A0F6-AE56A3761B31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB87FEAC-53F9-408A-ACC1-8E158C969D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B3295CA-1249-486D-B8B5-BA8D3E51208E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "20351915-0737-4116-A5FC-1A599CF4B58F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED8C5B3B-1A70-4C55-8883-C76B4E8B06E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "49114244-F5F6-4170-A774-C4464910C235",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA8AC6BF-966E-4E2C-816C-8E0408371FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83BBD25D-D9D3-4AEC-BCBD-AF71B1E83306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8B82DCF-DBB2-4123-BC2C-CADA57D7BB5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9593342-5727-4321-A3D1-106B53807F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "169C423D-EC0F-4515-9D9F-5C836D317818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "5918BF47-F84B-44AA-AC6F-2B6ABBDAF559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9F7FACD-C812-44E7-AD6E-BDE0D7935C90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "562E0822-7D69-4CA0-BF45-90431B902C19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC4BF34-15BE-4ECE-B4F8-A0F89CEC134D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B616E103-E23C-472A-BF01-B135C7C9A91D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC44763E-0B6F-4F85-BFF4-443F8E8C1DB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31107633-C2C7-45C6-AD29-C201FB9C91CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E3B86A7-D99C-48D1-83A6-74C1B03C51A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the username.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ValidateUserLogon en provider/libserver/ECSession.cpp en Zarafa 5.00 anterior a 7.1.8 beta2 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con \"un puntero nulo del nombre de usuario.\""
    }
  ],
  "id": "CVE-2014-0037",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-28T14:09:06.080",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-0079

Vulnerability from fkie_nvd - Published: 2014-04-28 14:09 - Updated: 2025-04-12 10:46
Severity: 5.0 (MEDIUM), CVSS v2.0 vector AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
Impacted products
Vendor Product Version
zarafa zarafa * (up to and including 6.20)
zarafa zarafa 5.00
zarafa zarafa 5.01
zarafa zarafa 5.02
zarafa zarafa 5.10
zarafa zarafa 5.11
zarafa zarafa 5.20
zarafa zarafa 5.22
zarafa zarafa 6.00
zarafa zarafa 6.01
zarafa zarafa 6.02
zarafa zarafa 6.03
zarafa zarafa 6.10
zarafa zarafa 6.11
zarafa zarafa 7.1.8

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9229E5C7-1B90-4EF9-B25C-3FD16DE7D9CD",
              "versionEndIncluding": "6.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DFE4F63-2078-480A-B72A-3DE33CDC344B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F94B071-7F2E-43FE-97CA-4D197C974113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C995CA-336C-4A1C-823D-9EBA045AD1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "58078592-63A0-4B33-9B0C-7746BC1447AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49A5667-0871-41DC-9EB6-FA023F0ED09B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "984D2E0A-5BA5-421B-84C3-679A78DB635F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3250F9C2-3C5B-4E68-A16E-2708821C27D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "423607B2-4333-490F-9C85-FFB839B62FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "538BEF9A-0FDA-4C89-A4C6-09B3800A5D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.02:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B81A4C9-9722-4F6F-A622-C906EE6032E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.03:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6AF323B-28EF-4682-91E6-F63CBE31EBF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8E76A6A-ED91-453B-BE25-A05A9AEEB09D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDBB142-6537-4E04-9217-6855CADB70C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zarafa:zarafa:7.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF0735C7-4626-40F9-BD84-970C120FFA09",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the password.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ValidateUserLogon en provider/libserver/ECSession.cpp en Zarafa 7.1.8, 6.20.0 y anteriores, cuando utiliza ciertas condiciones build, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con \"un puntero nulo de la contrase\u00f1a.\""
    }
  ],
  "id": "CVE-2014-0079",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-28T14:09:06.157",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-28994 (GCVE-0-2021-28994)

Vulnerability from cvelistv5 – Published: 2021-03-31 22:11 – Updated: 2024-08-03 21:55
Summary
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Severity: No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:55:12.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
          },
          {
            "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
          },
          {
            "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-25T02:06:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
        },
        {
          "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
        },
        {
          "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-28994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/03/19/6",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
            },
            {
              "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
            },
            {
              "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-28994",
    "datePublished": "2021-03-31T22:11:56",
    "dateReserved": "2021-03-22T00:00:00",
    "dateUpdated": "2024-08-03T21:55:12.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5447 (GCVE-0-2014-5447)

Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
Summary
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Severity: No CVSS data available.
CWE
  • n/a
Assigner
References
http://seclists.org/oss-sec/2014/q3/444 (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/bid/69362 (vdb-entry, x_refsource_BID)
http://advisories.mageia.org/MGASA-2014-0380.html (x_refsource_CONFIRM)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 (vendor-advisory, x_refsource_MANDRIVA)
http://seclists.org/oss-sec/2014/q3/445 (mailing-list, x_refsource_MLIST)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:48:48.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/444"
          },
          {
            "name": "69362",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69362"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
          },
          {
            "name": "MDVSA-2014:182",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
          },
          {
            "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/445"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-31T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/444"
        },
        {
          "name": "69362",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69362"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
        },
        {
          "name": "MDVSA-2014:182",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
        },
        {
          "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/445"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5447",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "name": "69362",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69362"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "MDVSA-2014:182",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5447",
    "datePublished": "2014-10-20T15:00:00",
    "dateReserved": "2014-08-25T00:00:00",
    "dateUpdated": "2024-08-06T11:48:48.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5448 (GCVE-0-2014-5448)

Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
Summary
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
Severity: No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:48:48.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "69365",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69365"
          },
          {
            "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/444"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
          },
          {
            "name": "zarafa-logzarafa-info-disc(95452)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
          },
          {
            "name": "MDVSA-2014:182",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
          },
          {
            "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/445"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "69365",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69365"
        },
        {
          "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/444"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
        },
        {
          "name": "zarafa-logzarafa-info-disc(95452)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
        },
        {
          "name": "MDVSA-2014:182",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
        },
        {
          "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/445"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "69365",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69365"
            },
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "zarafa-logzarafa-info-disc(95452)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
            },
            {
              "name": "MDVSA-2014:182",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5448",
    "datePublished": "2014-10-20T15:00:00",
    "dateReserved": "2014-08-25T00:00:00",
    "dateUpdated": "2024-08-06T11:48:48.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0103 (GCVE-0-2014-0103)

Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 09:05
Summary
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
redhat

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2014-7889",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
          },
          {
            "name": "68247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68247"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
          },
          {
            "name": "FEDORA-2014-7896",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
          },
          {
            "name": "MDVSA-2014:182",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-31T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2014-7889",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
        },
        {
          "name": "68247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68247"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
        },
        {
          "name": "FEDORA-2014-7896",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
        },
        {
          "name": "MDVSA-2014:182",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0103",
    "datePublished": "2014-07-29T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0037 (GCVE-0-2014-0037)

Vulnerability from cvelistv5 – Published: 2014-04-28 14:00 – Updated: 2024-08-06 08:58
Summary
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
redhat

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:58:26.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
          },
          {
            "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
          },
          {
            "name": "MDVSA-2014:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the username.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-28T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
        },
        {
          "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
        },
        {
          "name": "MDVSA-2014:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0037",
    "datePublished": "2014-04-28T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T08:58:26.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0079 (GCVE-0-2014-0079)

Vulnerability from cvelistv5 – Published: 2014-04-28 14:00 – Updated: 2024-08-06 09:05
Summary
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
redhat

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2014:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the password.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-28T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2014:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0079",
    "datePublished": "2014-04-28T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:38.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-28994 (GCVE-0-2021-28994)

Vulnerability from nvd – Published: 2021-03-31 22:11 – Updated: 2024-08-03 21:55
Summary
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
mitre

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:55:12.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
          },
          {
            "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
          },
          {
            "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-25T02:06:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
        },
        {
          "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
        },
        {
          "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-28994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openwall.com/lists/oss-security/2021/03/19/6",
              "refsource": "MISC",
              "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
            },
            {
              "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
            },
            {
              "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-28994",
    "datePublished": "2021-03-31T22:11:56",
    "dateReserved": "2021-03-22T00:00:00",
    "dateUpdated": "2024-08-03T21:55:12.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5447 (GCVE-0-2014-5447)

Vulnerability from nvd – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
Summary
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
mitre
References
http://seclists.org/oss-sec/2014/q3/444 (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/bid/69362 (vdb-entry, x_refsource_BID)
http://advisories.mageia.org/MGASA-2014-0380.html (x_refsource_CONFIRM)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:182 (vendor-advisory, x_refsource_MANDRIVA)
http://seclists.org/oss-sec/2014/q3/445 (mailing-list, x_refsource_MLIST)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:48:48.404Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/444"
          },
          {
            "name": "69362",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69362"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
          },
          {
            "name": "MDVSA-2014:182",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
          },
          {
            "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/445"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-31T13:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/444"
        },
        {
          "name": "69362",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69362"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
        },
        {
          "name": "MDVSA-2014:182",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
        },
        {
          "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/445"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5447",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "name": "69362",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69362"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "MDVSA-2014:182",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5447",
    "datePublished": "2014-10-20T15:00:00",
    "dateReserved": "2014-08-25T00:00:00",
    "dateUpdated": "2024-08-06T11:48:48.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-5448 (GCVE-0-2014-5448)

Vulnerability from nvd – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
Summary
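Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
Note: the CNA record below lists product, vendor and version as "n/a", so the affected versions appear only in this description and not in machine-readable form.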
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:48:48.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "69365",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/69365"
          },
          {
            "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/444"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
          },
          {
            "name": "zarafa-logzarafa-info-disc(95452)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
          },
          {
            "name": "MDVSA-2014:182",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
          },
          {
            "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2014/q3/445"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-07T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "69365",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/69365"
        },
        {
          "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/444"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
        },
        {
          "name": "zarafa-logzarafa-info-disc(95452)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
        },
        {
          "name": "MDVSA-2014:182",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
        },
        {
          "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2014/q3/445"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-5448",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "69365",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/69365"
            },
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "zarafa-logzarafa-info-disc(95452)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
            },
            {
              "name": "MDVSA-2014:182",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-5448",
    "datePublished": "2014-10-20T15:00:00",
    "dateReserved": "2014-08-25T00:00:00",
    "dateUpdated": "2024-08-06T11:48:48.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0103 (GCVE-0-2014-0103)

Vulnerability from nvd – Published: 2014-07-29 14:00 – Updated: 2024-08-06 09:05
Summary
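WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Note: the CNA record below lists product, vendor and version as "n/a", so the affected versions appear only in this description and not in machine-readable form.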
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.021Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2014-7889",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
          },
          {
            "name": "68247",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/68247"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
          },
          {
            "name": "FEDORA-2014-7896",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
          },
          {
            "name": "MDVSA-2014:182",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-06-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-10-31T13:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2014-7889",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
        },
        {
          "name": "68247",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/68247"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
        },
        {
          "name": "FEDORA-2014-7896",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
        },
        {
          "name": "MDVSA-2014:182",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0103",
    "datePublished": "2014-07-29T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.021Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0037 (GCVE-0-2014-0037)

Vulnerability from nvd – Published: 2014-04-28 14:00 – Updated: 2024-08-06 08:58
Summary
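The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
Note: the CNA record below lists product, vendor and version as "n/a", so the affected versions appear only in this description and not in machine-readable form.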
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:58:26.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
          },
          {
            "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
          },
          {
            "name": "MDVSA-2014:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the username.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-28T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
        },
        {
          "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
        },
        {
          "name": "MDVSA-2014:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0037",
    "datePublished": "2014-04-28T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T08:58:26.532Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-0079 (GCVE-0-2014-0079)

Vulnerability from nvd – Published: 2014-04-28 14:00 – Updated: 2024-08-06 09:05
Summary
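The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
Note: the CNA record below lists product, vendor and version as "n/a", so the affected versions appear only in this description and not in machine-readable form.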
Severity
No CVSS data available.
CWE
  • n/a

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.277Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2014:044",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-02-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the password.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-28T11:57:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2014:044",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0079",
    "datePublished": "2014-04-28T14:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:38.277Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}