Vendor CVEs
Open-Xchange
All CVEs
256 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-26439 | Open-Xchange | | 0.00 | — | 0.00 | | Aug 2, 2023 | The cacheservice API could be abused to inject parameters with SQL syntax which were insufficiently sanitized before being executed as an SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users… |
| CVE-2023-26438 | Open-Xchange | | 0.00 | — | 0.01 | | Aug 2, 2023 | External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness involving the JDK DNS cache. Attackers who timed DNS cache expiry correctly were able to inject configuration that would bypass existing network… |
| CVE-2023-26430 | Open-Xchange | | 0.00 | — | 0.01 | | Aug 2, 2023 | Attackers with access to user accounts can inject arbitrary control characters into SIEVE mail-filter rules. This could be abused to access SIEVE extensions that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup… |
| CVE-2023-26436 | Open-Xchange | | 0.00 | — | 0.01 | | Jun 20, 2023 | Attackers with access to the "documentconverterws" API were able to inject serialized Java objects that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being… |
| CVE-2023-26435 | Open-Xchange | | 0.00 | — | 0.01 | | Jun 20, 2023 | It was possible to call filesystem and network references using the local LibreOffice instance via manipulated ODT documents. Attackers could discover restricted network topology and services as well as include local files with the read permissions of the open-xchange system… |
| CVE-2023-26434 | Open-Xchange | | 0.00 | — | 0.01 | | Jun 20, 2023 | When adding an external mail account, processing of POP3 "capabilities" responses was not limited to plausible sizes. An attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit… |
| CVE-2023-26433 | Open-Xchange | | 0.00 | — | 0.01 | | Jun 20, 2023 | When adding an external mail account, processing of IMAP "capabilities" responses was not limited to plausible sizes. An attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit… |
| CVE-2023-26432 | Open-Xchange | | 0.00 | — | 0.01 | | Jun 20, 2023 | When adding an external mail account, processing of SMTP "capabilities" responses was not limited to plausible sizes. An attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit… |
| CVE-2023-26429 | Open-Xchange | | 0.00 | — | 0.01 | | Jun 20, 2023 | Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace characters during the… |
| CVE-2023-26428 | Open-Xchange | | 0.00 | — | 0.01 | | Jun 20, 2023 | Attackers can successfully request arbitrary snippet IDs, including e-mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not… |
| CVE-2023-24598 | Open-Xchange | | 0.00 | — | 0.01 | | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. |
| CVE-2023-24602 | Open-Xchange | | 0.00 | — | 0.00 | | May 29, 2023 | OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. |
| CVE-2023-24600 | Open-Xchange | | 0.00 | — | 0.01 | | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. |
| CVE-2023-24601 | Open-Xchange | | 0.00 | — | 0.00 | | May 29, 2023 | OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree. |
| CVE-2023-24597 | Open-Xchange | | 0.00 | — | 0.01 | | May 29, 2023 | OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing. |
| CVE-2023-24605 | Open-Xchange | | 0.00 | — | 0.00 | | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. |
| CVE-2023-24599 | Open-Xchange | | 0.00 | — | 0.01 | | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion." |
| CVE-2023-24604 | Open-Xchange | | 0.00 | — | 0.01 | | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data. |
| CVE-2023-24603 | Open-Xchange | | 0.00 | — | 0.01 | | May 29, 2023 | OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data. |
| CVE-2022-37306 | Open-Xchange | | 0.00 | — | 0.01 | | Apr 16, 2023 | OX App Suite before 7.10.6-rev30 allows XSS via an upsell trigger. |
| CVE-2022-43697 | Open-Xchange | | 0.00 | — | 0.00 | | Apr 15, 2023 | OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. |
| CVE-2022-43699 | Open-Xchange | | 0.00 | — | 0.00 | | Apr 15, 2023 | OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). |
| CVE-2022-43696 | Open-Xchange | | 0.00 | — | 0.00 | | Apr 15, 2023 | OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. |
| CVE-2022-43698 | Open-Xchange | | 0.00 | — | 0.00 | | Apr 15, 2023 | OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. |
| CVE-2022-37313 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 allows SSRF because the anti-SSRF protection mechanism only checks the first DNS AA or AAAA record. |
| CVE-2022-37310 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 allows XSS via a malicious capability to the metrics or help module, as demonstrated by a /#!!&app=io.ox/files&cap= URI. |
| CVE-2022-37311 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large location request parameter to the redirect servlet. |
| CVE-2022-37309 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 allows XSS via script code within a contact that has an e-mail address but lacks a name. |
| CVE-2022-37308 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 allows XSS via HTML in text/plain e-mail messages. |
| CVE-2022-37312 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 has Uncontrolled Resource Consumption via a large request body containing a redirect URL to the deferrer servlet. |
| CVE-2022-37307 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature. |
| CVE-2022-31469 | Open-Xchange | | 0.00 | — | 0.01 | | Dec 26, 2022 | OX App Suite through 7.10.6 allows XSS via a deep link, as demonstrated by class="deep-link-app" for a /#!!&app=%2e./ URI. |
| CVE-2022-29853 | Open-Xchange | | 0.00 | — | 0.00 | | Dec 26, 2022 | OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message. |
| CVE-2022-29851 | Open-Xchange | | 0.00 | — | 0.04 | | Oct 24, 2022 | documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document. |
| CVE-2022-31468 | Open-Xchange | | 0.00 | — | 0.00 | | Oct 24, 2022 | OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter. |
| CVE-2022-24406 | Open-Xchange | | 0.00 | — | 0.01 | | Jul 27, 2022 | OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. |
| CVE-2022-23101 | Open-Xchange | | 0.00 | — | 0.01 | | Jul 27, 2022 | OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message. |
| CVE-2022-23099 | Open-Xchange | | 0.00 | — | 0.01 | | Jul 27, 2022 | OX App Suite through 7.10.6 allows XSS by forcing block-wise read. |
| CVE-2021-44213 | Open-Xchange | | 0.00 | — | 0.01 | | Mar 28, 2022 | OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message. |
| CVE-2021-44212 | Open-Xchange | | 0.00 | — | 0.01 | | Mar 28, 2022 | OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring. |
| CVE-2021-44211 | Open-Xchange | | 0.00 | — | 0.01 | | Mar 28, 2022 | OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. |
| CVE-2021-44210 | Open-Xchange | | 0.00 | — | 0.01 | | Mar 28, 2022 | OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. |
| CVE-2021-44209 | Open-Xchange | | 0.00 | — | 0.01 | | Mar 28, 2022 | OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. |
| CVE-2021-44208 | Open-Xchange | | 0.00 | — | 0.01 | | Mar 28, 2022 | OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. |
| CVE-2021-38378 | Open-Xchange | | 0.00 | — | 0.01 | | Nov 22, 2021 | OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person's name. |
| CVE-2021-38377 | Open-Xchange | | 0.00 | — | 0.01 | | Nov 22, 2021 | OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within a truncated e-mail, because there is a predictable UUID with HTML transformation results. |
| CVE-2021-38376 | Open-Xchange | | 0.00 | — | 0.01 | | Nov 22, 2021 | OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. |
| CVE-2021-38375 | Open-Xchange | | 0.00 | — | 0.01 | | Nov 22, 2021 | OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. |
| CVE-2021-33495 | Open-Xchange | | 0.00 | — | 0.01 | | Nov 22, 2021 | OX App Suite 7.10.5 allows XSS via an OX Chat system message. |
| CVE-2021-33494 | Open-Xchange | | 0.00 | — | 0.01 | | Nov 22, 2021 | OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. |
Page 3 of 6