Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open-xchange appsuite vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-26434
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now ...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
NA
CVE-2023-26435
It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
NA
CVE-2023-26436
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is be...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
NA
CVE-2023-26429
Control characters were not removed when exporting user feedback content. This allowed malicious users to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during th...
Open-xchange Open-xchange Appsuite Backend
Open-xchange Open-xchange Appsuite Backend 7.10.6
NA
CVE-2023-26430
Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of...
Open-xchange Open-xchange Appsuite Backend 7.10.6
Open-xchange Open-xchange Appsuite Backend 8.10.0
NA
CVE-2023-26438
External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists....
Open-xchange Open-xchange Appsuite Backend 7.10.6
Open-xchange Open-xchange Appsuite Backend 8.10.0
4.3
CVSSv2
CVE-2015-5375
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite prior to 6.22.8-rev8, 6.22.9 prior to 6.22.9-rev15m, 7.x prior to 7.6.1-rev25, and 7.6.2 prior to 7.6.2-rev20 allows remote malicious us...
Open-xchange Open-xchange Server
Open-xchange Open-xchange Appsuite
4
CVSSv2
CVE-2018-12609
OX App Suite 7.8.4 and previous versions allows Server-Side Request Forgery.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2018-12611
OX App Suite 7.8.4 and previous versions allows Directory Traversal.
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2017-6913
Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail prior to 7.6.3-rev28 allows remote malicious users to inject arbitrary web script or HTML via the event attribute in a time tag.
Open-xchange Open-xchange Appsuite
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »