Search criteria
12 vulnerabilities by zarafa
CVE-2021-28994 (GCVE-0-2021-28994)
Vulnerability from cvelistv5 – Published: 2021-03-31 22:11 – Updated: 2024-08-03 21:55
VLAI
Summary
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2021/… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/04/01/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/04/25/1 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
},
{
"name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
},
{
"name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-25T02:06:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
},
{
"name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
},
{
"name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2021/03/19/6",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
},
{
"name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
},
{
"name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28994",
"datePublished": "2021-03-31T22:11:56.000Z",
"dateReserved": "2021-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:55:12.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7219 (GCVE-0-2019-7219)
Vulnerability from cvelistv5 – Published: 2019-04-11 18:43 – Updated: 2024-08-04 20:46
VLAI
Summary
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://stash.kopano.io/repos?visibility=public | x_refsource_MISC |
| https://github.com/verifysecurity/CVE-2019-7219 | x_refsource_MISC |
Date Public
2019-02-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:46:44.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://stash.kopano.io/repos?visibility=public"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/verifysecurity/CVE-2019-7219"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-26T14:14:10.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://stash.kopano.io/repos?visibility=public"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/verifysecurity/CVE-2019-7219"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://stash.kopano.io/repos?visibility=public",
"refsource": "MISC",
"url": "https://stash.kopano.io/repos?visibility=public"
},
{
"name": "https://github.com/verifysecurity/CVE-2019-7219",
"refsource": "MISC",
"url": "https://github.com/verifysecurity/CVE-2019-7219"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7219",
"datePublished": "2019-04-11T18:43:58.000Z",
"dateReserved": "2019-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:46:44.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5450 (GCVE-0-2014-5450)
Vulnerability from cvelistv5 – Published: 2018-03-19 21:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1133439 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.openwall.com/lists/oss-security/2014/08/25/1 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/69370 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-08-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-9754",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1133439"
},
{
"name": "FEDORA-2014-9768",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/25/1"
},
{
"name": "69370",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69370"
},
{
"name": "zarafa-license-info-disc(95454)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95454"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-19T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2014-9754",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1133439"
},
{
"name": "FEDORA-2014-9768",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/08/25/1"
},
{
"name": "69370",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69370"
},
{
"name": "zarafa-license-info-disc(95454)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95454"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-9754",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1133439",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1133439"
},
{
"name": "FEDORA-2014-9768",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/08/25/1"
},
{
"name": "69370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69370"
},
{
"name": "zarafa-license-info-disc(95454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95454"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5450",
"datePublished": "2018-03-19T21:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6566 (GCVE-0-2015-6566)
Vulnerability from cvelistv5 – Published: 2016-01-11 15:00 – Updated: 2024-08-06 07:22
VLAI
Summary
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://jira.zarafa.com/browse/ZCP-13572 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://jira.zarafa.com/browse/ZCP-13533 | x_refsource_CONFIRM |
| https://download.zarafa.com/community/final/7.2/f… | x_refsource_CONFIRM |
Date Public
2015-10-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:22.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.zarafa.com/browse/ZCP-13572"
},
{
"name": "FEDORA-2015-a275fd68f2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.zarafa.com/browse/ZCP-13533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://download.zarafa.com/community/final/7.2/final-changelog-7.2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-01-11T14:57:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.zarafa.com/browse/ZCP-13572"
},
{
"name": "FEDORA-2015-a275fd68f2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.zarafa.com/browse/ZCP-13533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://download.zarafa.com/community/final/7.2/final-changelog-7.2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-6566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.zarafa.com/browse/ZCP-13572",
"refsource": "CONFIRM",
"url": "https://jira.zarafa.com/browse/ZCP-13572"
},
{
"name": "FEDORA-2015-a275fd68f2",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html"
},
{
"name": "https://jira.zarafa.com/browse/ZCP-13533",
"refsource": "CONFIRM",
"url": "https://jira.zarafa.com/browse/ZCP-13533"
},
{
"name": "https://download.zarafa.com/community/final/7.2/final-changelog-7.2.txt",
"refsource": "CONFIRM",
"url": "https://download.zarafa.com/community/final/7.2/final-changelog-7.2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-6566",
"datePublished": "2016-01-11T15:00:00.000Z",
"dateReserved": "2015-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:22.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3436 (GCVE-0-2015-3436)
Vulnerability from cvelistv5 – Published: 2015-06-09 14:00 – Updated: 2024-08-06 05:47
VLAI
Summary
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.securityfocus.com/bid/75104 | vdb-entryx_refsource_BID |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://jira.zarafa.com/browse/ZCP-13282 | x_refsource_CONFIRM |
Date Public
2015-05-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.820Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-8479",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html"
},
{
"name": "75104",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75104"
},
{
"name": "FEDORA-2015-8487",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.zarafa.com/browse/ZCP-13282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-02T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2015-8479",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html"
},
{
"name": "75104",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75104"
},
{
"name": "FEDORA-2015-8487",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.zarafa.com/browse/ZCP-13282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-3436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-8479",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159455.html"
},
{
"name": "75104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75104"
},
{
"name": "FEDORA-2015-8487",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159497.html"
},
{
"name": "https://jira.zarafa.com/browse/ZCP-13282",
"refsource": "CONFIRM",
"url": "https://jira.zarafa.com/browse/ZCP-13282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-3436",
"datePublished": "2015-06-09T14:00:00.000Z",
"dateReserved": "2015-04-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9465 (GCVE-0-2014-9465)
Vulnerability from cvelistv5 – Published: 2015-02-19 15:00 – Updated: 2024-08-06 13:47
VLAI
Summary
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://download.zarafa.com/community/beta/7.1/cha… | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2015/0… | mailing-listx_refsource_MLIST |
| https://jira.zarafa.com/browse/ZCP-12596 | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://security.robert-scheck.de/cve-2014-9465-zarafa/ | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/12/07/2 | mailing-listx_refsource_MLIST |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://advisories.mageia.org/MGASA-2015-0049.html | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1139442 | x_refsource_CONFIRM |
| http://download.zarafa.com/community/beta/7.2/cha… | x_refsource_CONFIRM |
Date Public
2014-12-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.359Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2015:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-04T20:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2015:040",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:040"
},
{
"name": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt",
"refsource": "CONFIRM",
"url": "http://download.zarafa.com/community/beta/7.1/changelog-7.1.txt"
},
{
"name": "[oss-security] 20150103 Re: CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/03/10"
},
{
"name": "https://jira.zarafa.com/browse/ZCP-12596",
"refsource": "CONFIRM",
"url": "https://jira.zarafa.com/browse/ZCP-12596"
},
{
"name": "FEDORA-2015-5864",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156228.html"
},
{
"name": "http://security.robert-scheck.de/cve-2014-9465-zarafa/",
"refsource": "MISC",
"url": "http://security.robert-scheck.de/cve-2014-9465-zarafa/"
},
{
"name": "[oss-security] 20141207 CVE request: Unauthenticated remote disk space exhaustion in Zarafa WebAccess and WebApp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/12/07/2"
},
{
"name": "FEDORA-2015-5823",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156112.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0049.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0049.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1139442"
},
{
"name": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt",
"refsource": "CONFIRM",
"url": "http://download.zarafa.com/community/beta/7.2/changelog-7.2.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9465",
"datePublished": "2015-02-19T15:00:00.000Z",
"dateReserved": "2015-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:47:41.359Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5449 (GCVE-0-2014-5449)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/444 | mailing-listx_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/69369 | vdb-entryx_refsource_BID |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/oss-sec/2014/q3/445 | mailing-listx_refsource_MLIST |
Date Public
2014-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.455Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "webaccess-webapp-information-disc(95453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95453"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0380.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "69369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69369"
},
{
"name": "MDVSA-2014:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5449",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5447 (GCVE-0-2014-5447)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2014/q3/444 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/69362 | vdb-entryx_refsource_BID |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/oss-sec/2014/q3/445 | mailing-listx_refsource_MLIST |
Date Public
2014-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-31T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "69362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69362"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0380.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "MDVSA-2014:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5447",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5448 (GCVE-0-2014-5448)
Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
VLAI
Summary
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/69365 | vdb-entryx_refsource_BID |
| http://seclists.org/oss-sec/2014/q3/444 | mailing-listx_refsource_MLIST |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| http://seclists.org/oss-sec/2014/q3/445 | mailing-listx_refsource_MLIST |
Date Public
2014-08-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:48:48.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "69365",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/69365"
},
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "zarafa-logzarafa-info-disc(95452)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-08-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "69365",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/69365"
},
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "zarafa-logzarafa-info-disc(95452)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "69365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69365"
},
{
"name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/444"
},
{
"name": "http://advisories.mageia.org/MGASA-2014-0380.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "zarafa-logzarafa-info-disc(95452)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
},
{
"name": "MDVSA-2014:182",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
},
{
"name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q3/445"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5448",
"datePublished": "2014-10-20T15:00:00.000Z",
"dateReserved": "2014-08-25T00:00:00.000Z",
"dateUpdated": "2024-08-06T11:48:48.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0103 (GCVE-0-2014-0103)
Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 09:05
VLAI
Summary
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1073618 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/68247 | vdb-entryx_refsource_BID |
| http://advisories.mageia.org/MGASA-2014-0380.html | x_refsource_CONFIRM |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2014-06-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:39.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-7889",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
},
{
"name": "68247",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68247"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "FEDORA-2014-7896",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-06-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-31T13:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2014-7889",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
},
{
"name": "68247",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68247"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://advisories.mageia.org/MGASA-2014-0380.html"
},
{
"name": "FEDORA-2014-7896",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
},
{
"name": "MDVSA-2014:182",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0103",
"datePublished": "2014-07-29T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:39.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0079 (GCVE-0-2014-0079)
Vulnerability from cvelistv5 – Published: 2014-04-28 14:00 – Updated: 2024-08-06 09:05
VLAI
Summary
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1059903 | x_refsource_CONFIRM |
Date Public
2014-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2014:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the password.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-28T11:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2014:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0079",
"datePublished": "2014-04-28T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T09:05:38.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0037 (GCVE-0-2014-0037)
Vulnerability from cvelistv5 – Published: 2014-04-28 14:00 – Updated: 2024-08-06 08:58
VLAI
Summary
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1056767 | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2014/0… | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRIVA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1059903 | x_refsource_CONFIRM |
Date Public
2014-02-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:58:26.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
},
{
"name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
},
{
"name": "MDVSA-2014:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-02-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the username.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-28T11:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
},
{
"name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
},
{
"name": "MDVSA-2014:044",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0037",
"datePublished": "2014-04-28T14:00:00.000Z",
"dateReserved": "2013-12-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:58:26.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}