VYPR

Appsuite

by Open-Xchange

CVEs (218)

  • CVE-2023-29043 · Nov 2, 2023
    risk 0.00 cvss epss 0.00

    Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when…

  • CVE-2023-26455 · Nov 2, 2023
    risk 0.00 cvss epss 0.00

    RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated…

  • CVE-2023-26453 · Nov 2, 2023
    risk 0.00 cvss epss 0.00

    Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL…

  • CVE-2023-26452 · Nov 2, 2023
    risk 0.00 cvss epss 0.00

    Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by…

  • CVE-2023-26450 · Aug 2, 2023
    risk 0.00 cvss epss 0.01

    The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit…

  • CVE-2023-26448 · Aug 2, 2023
    risk 0.00 cvss epss 0.01

    Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface…

  • CVE-2023-26446 · Aug 2, 2023
    risk 0.00 cvss epss 0.01

    The user's clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit…

  • CVE-2023-26445 · Aug 2, 2023
    risk 0.00 cvss epss 0.01

    Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the…

  • CVE-2023-26442 · Aug 2, 2023
    risk 0.00 cvss epss 0.00

    In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control…

  • CVE-2023-26441 · Aug 2, 2023
    risk 0.00 cvss epss 0.00

    Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are…

  • CVE-2023-26440 · Aug 2, 2023
    risk 0.00 cvss epss 0.00

    The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have…

  • CVE-2023-26439 · Aug 2, 2023
    risk 0.00 cvss epss 0.00

    The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users…

  • CVE-2023-26438 · Aug 2, 2023
    risk 0.00 cvss epss 0.01

    External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network…

  • CVE-2023-26430 · Aug 2, 2023
    risk 0.00 cvss epss 0.01

    Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extensions that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup…

  • CVE-2023-26436 · Jun 20, 2023
    risk 0.00 cvss epss 0.01

    Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being…

  • CVE-2023-26435 · Jun 20, 2023
    risk 0.00 cvss epss 0.01

    It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system…

  • CVE-2023-26434 · Jun 20, 2023
    risk 0.00 cvss epss 0.01

    When adding an external mail account, processing of POP3 "capabilities" responses is not limited to plausible sizes. Attackers with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit…

  • CVE-2023-26433 · Jun 20, 2023
    risk 0.00 cvss epss 0.01

    When adding an external mail account, processing of IMAP "capabilities" responses is not limited to plausible sizes. Attackers with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit…

  • CVE-2023-26432 · Jun 20, 2023
    risk 0.00 cvss epss 0.01

    When adding an external mail account, processing of SMTP "capabilities" responses is not limited to plausible sizes. Attackers with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit…

  • CVE-2023-26429 · Jun 20, 2023
    risk 0.00 cvss epss 0.01

    Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace characters during the…
