Filtered by vendor Open-xchange
Subscribe
Search
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-29050 | 1 Open-xchange | 1 Ox App Suite | 2024-01-12 | N/A | 9.6 CRITICAL |
| The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known. | |||||
| CVE-2023-26443 | 1 Open-xchange | 1 Open-xchange Appsuite Backend | 2024-01-12 | N/A | 9.8 CRITICAL |
| Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. | |||||
| CVE-2020-12645 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | |||||
| CVE-2019-7158 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| OX App Suite 7.10.0 and earlier has Incorrect Access Control. | |||||
| CVE-2017-13667 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-28 | 6.5 MEDIUM | 9.9 CRITICAL |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF. | |||||
| CVE-2017-17060 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Insecure Permissions. | |||||
| CVE-2017-5210 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Information Exposure. | |||||
| CVE-2017-5212 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 is affected by: Incorrect Access Control. | |||||
| CVE-2017-5863 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Incorrect Access Control. | |||||