Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration 8.8.15 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-29382
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an malicious user to execute arbitrary code via the sfdc_preauth.jsp component.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
7.8
CVSSv3
CVE-2022-41347
An issue exists in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which...
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
6.1
CVSSv3
CVE-2019-15313
In Zimbra Collaboration prior to 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
Zimbra Collaboration Server
Zimbra Collaboration Server 8.8.15
5.3
CVSSv3
CVE-2020-8633
An issue exists in Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
9.8
CVSSv3
CVE-2020-7796
Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
6.1
CVSSv3
CVE-2020-13653
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite prior to 8.8.15 Patch 11. It allows an malicious user to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing a...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
6.1
CVSSv3
CVE-2022-41350
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.
Zimbra Collaboration 8.8.15
9.8
CVSSv3
CVE-2022-32294
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced.
Zimbra Collaboration 8.8.15
9
CVSSv3
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated malicious user to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
Zimbra Collaboration 8.8.15
8.8
CVSSv3
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.
Zimbra Collaboration 8.8.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »