Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

zimbra collaboration 8.8.10 vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3
CVE-2019-6980
Synacor Zimbra Collaboration Suite 8.7.x up to and including 8.8.11 allows insecure object deserialization in the IMAP component.
Synacor Zimbra Collaboration Suite 8.8.10Synacor Zimbra Collaboration Suite 8.8.9Synacor Zimbra Collaboration Suite 8.7.11Synacor Zimbra Collaboration Suite 8.8.11Synacor Zimbra Collaboration Suite
9.8
CVSSv3
CVE-2018-20160
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
Synacor Zimbra Collaboration Suite 8.8.10Synacor Zimbra Collaboration Suite 8.8.9Synacor Zimbra Collaboration SuiteSynacor Zimbra Collaboration Suite 8.7.11Synacor Zimbra Collaboration Suite 8.8.11
7.8
CVSSv3
CVE-2022-37393
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute...
Zimbra Collaboration 9.0.0Zimbra Collaboration 8.8.15Zimbra Collaboration 8.7.6Zimbra Collaboration 8.7.7Zimbra Collaboration 8.7.9Zimbra Collaboration 8.7.10Zimbra Collaboration 8.7.11Zimbra Collaboration 8.8.0Zimbra Collaboration 8.8.2Zimbra Collaboration 8.8.3Zimbra Collaboration 8.8.4Zimbra Collaboration 8.8.6Zimbra Collaboration 8.8.7Zimbra Collaboration 8.8.8Zimbra Collaboration 8.8.9Zimbra Collaboration 8.8.10Zimbra Collaboration 8.8.11Zimbra Collaboration 8.8.12
7.5
CVSSv3
CVE-2019-9621
Zimbra Collaboration Suite prior to 8.6 patch 13, 8.7.x prior to 8.7.11 patch 10, and 8.8.x prior to 8.8.10 patch 7 or 8.8.x prior to 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Zimbra Collaboration Server 8.6.0Zimbra Collaboration ServerZimbra Collaboration Server 8.7.11Zimbra Collaboration Server 8.8.10Zimbra Collaboration Server 8.8.11
6.5
CVSSv3
CVE-2019-6981
Zimbra Collaboration Suite 8.7.x up to and including 8.8.11 allows Blind SSRF in the Feed component.
Synacor Zimbra Collaboration Suite 8.8.11Synacor Zimbra Collaboration Suite 8.8.10Synacor Zimbra Collaboration Suite 8.8.9Synacor Zimbra Collaboration Suite 8.7.11Synacor Zimbra Collaboration Suite
6.1
CVSSv3
CVE-2018-14013
Synacor Zimbra Collaboration Suite Collaboration prior to 8.8.11 has XSS in the AJAX and html web clients.
Synacor Zimbra Collaboration Suite 8.8.10Synacor Zimbra Collaboration Suite 8.8.9Synacor Zimbra Collaboration SuiteSynacor Zimbra Collaboration Suite 8.7.11Synacor Zimbra Collaboration Suite 8.8.11
6.1
CVSSv3
CVE-2018-18631
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 prior to 8.7.11 Patch 7, and 8.8 prior to 8.8.10 Patch 2 has Persistent XSS.
Synacor Zimbra Collaboration Suite 8.8.9Synacor Zimbra Collaboration Suite 8.7.11Synacor Zimbra Collaboration SuiteSynacor Zimbra Collaboration Suite 8.8.10Synacor Zimbra Collaboration Suite 8.6.0
5.3
CVSSv3
CVE-2018-17938
Zimbra Collaboration prior to 8.8.10 GA allows text content spoofing via a loginErrorCode value.
Synacor Zimbra Collaboration Suite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook