Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Zarafa Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-28994 2 Kopano, Zarafa 2 Groupware Core, Zarafa 2022-07-12 5.0 MEDIUM 7.5 HIGH
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
CVE-2019-7219 1 Zarafa 1 Webaccess 2019-04-26 4.3 MEDIUM 6.1 MEDIUM
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
CVE-2014-5450 1 Zarafa 1 Zarafa Collaboration Platform 2018-04-20 2.1 LOW 5.5 MEDIUM
Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.
CVE-2014-5448 1 Zarafa 1 Zarafa 2017-09-07 2.1 LOW N/A
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
CVE-2014-5449 1 Zarafa 2 Webaccess, Webapp 2017-09-07 2.1 LOW N/A
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
CVE-2015-3436 1 Zarafa 1 Zarafa Collaboration Platform 2016-12-05 6.6 MEDIUM N/A
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
CVE-2014-9465 2 Fedoraproject, Zarafa 3 Fedora, Webapp, Zarafa Collaboration Platform 2016-04-07 5.0 MEDIUM N/A
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files.
CVE-2015-6566 2 Fedoraproject, Zarafa 2 Fedora, Zarafa Collaboration Platform 2016-01-13 7.2 HIGH 8.4 HIGH
zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.
CVE-2014-5447 1 Zarafa 2 Webapp, Zarafa 2015-11-17 2.1 LOW N/A
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
CVE-2014-0103 2 Fedoraproject, Zarafa 3 Fedora, Webapp, Zarafa 2015-11-04 2.1 LOW N/A
WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
CVE-2014-0079 1 Zarafa 1 Zarafa 2014-04-29 5.0 MEDIUM N/A
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
CVE-2014-0037 1 Zarafa 1 Zarafa 2014-04-29 5.0 MEDIUM N/A
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."