Lucene search

Synacor Security Vulnerabilities

cve

CVE-2020-18985

An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.

6.1CVSS

6.2AI Score

0.001EPSS

2021-12-15 11:15 PM

cve

CVE-2020-7796

Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.

9.8CVSS

9.4AI Score

0.778EPSS

2020-02-18 10:15 PM

cve

CVE-2020-8633

An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.

5.3CVSS

5.2AI Score

0.001EPSS

2020-02-18 10:15 PM

cve

CVE-2022-3569

Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

7.8CVSS

7.9AI Score

0.002EPSS

2022-10-17 11:15 PM

Total number of security vulnerabilities54