Search criteria
4 vulnerabilities by kopano
CVE-2022-26562 (GCVE-0-2022-26562)
Vulnerability from cvelistv5 – Published: 2022-04-01 00:00 – Updated: 2024-08-03 05:03
VLAI
Summary
An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa >= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kopano.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/provider/libserver/ECKrbAuth.cpp#137"
},
{
"name": "[debian-lts-announce] 20230306 [SECURITY] [DLA 3354-1] kopanocore security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jira.kopano.io/browse/KC-2021"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Kopano-dev/kopano-core/blob/master/provider/libserver/ECKrbAuth.cpp#L137"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192126"
},
{
"tags": [
"x_transferred"
],
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-342b96903b"
},
{
"tags": [
"x_transferred"
],
"url": "https://src.fedoraproject.org/rpms/zarafa/c/a5a8366ccf07f248fae6edffb5123cfda579bfdb?branch=epel7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core \u003c= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor Zarafa Collaboration Platform (ZCP) in provider/libserver/ECPamAuth.cpp of Zarafa \u003e= 6.30 (introduced between 6.30.0 RC1e and 6.30.8 final)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kopano.com/"
},
{
"url": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/provider/libserver/ECKrbAuth.cpp#137"
},
{
"name": "[debian-lts-announce] 20230306 [SECURITY] [DLA 3354-1] kopanocore security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00006.html"
},
{
"url": "https://jira.kopano.io/browse/KC-2021"
},
{
"url": "https://github.com/Kopano-dev/kopano-core/blob/master/provider/libserver/ECKrbAuth.cpp#L137"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2192126"
},
{
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-342b96903b"
},
{
"url": "https://src.fedoraproject.org/rpms/zarafa/c/a5a8366ccf07f248fae6edffb5123cfda579bfdb?branch=epel7"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-26562",
"datePublished": "2022-04-01T00:00:00.000Z",
"dateReserved": "2022-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T05:03:32.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28994 (GCVE-0-2021-28994)
Vulnerability from cvelistv5 – Published: 2021-03-31 22:11 – Updated: 2024-08-03 21:55
VLAI
Summary
kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2021/… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2021/04/01/1 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2021/04/25/1 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:55:12.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
},
{
"name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
},
{
"name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-25T02:06:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
},
{
"name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
},
{
"name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-28994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2021/03/19/6",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
},
{
"name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
},
{
"name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-28994",
"datePublished": "2021-03-31T22:11:56.000Z",
"dateReserved": "2021-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:55:12.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19907 (GCVE-0-2019-19907)
Vulnerability from cvelistv5 – Published: 2019-12-19 00:00 – Updated: 2024-08-05 02:32
VLAI
Summary
HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:32:09.310Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff"
},
{
"tags": [
"x_transferred"
],
"url": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/RELNOTES.txt"
},
{
"name": "[debian-lts-announce] 20230306 [SECURITY] [DLA 3354-1] kopanocore security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HrAddFBBlock in libfreebusy/freebusyutil.cpp in Kopano Groupware Core before 8.7.7 allows out-of-bounds access, as demonstrated by mishandling of an array copy during parsing of ICal data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://stash.kopano.io/projects/KC/repos/kopanocore/commits/4e02b420fff"
},
{
"url": "https://stash.kopano.io/projects/KC/repos/kopanocore/browse/RELNOTES.txt"
},
{
"name": "[debian-lts-announce] 20230306 [SECURITY] [DLA 3354-1] kopanocore security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00006.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-19907",
"datePublished": "2019-12-19T00:00:00.000Z",
"dateReserved": "2019-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:32:09.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11666 (GCVE-0-2017-11666)
Vulnerability from cvelistv5 – Published: 2017-07-26 17:00 – Updated: 2024-09-16 18:34
VLAI
Summary
Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://stash.kopano.io/projects/KWA/repos/filepr… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:12:40.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://stash.kopano.io/projects/KWA/repos/filepreviewer/commits/85d2b5c2d27f461bba12e9491fcc4b0d8fde771a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-26T17:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://stash.kopano.io/projects/KWA/repos/filepreviewer/commits/85d2b5c2d27f461bba12e9491fcc4b0d8fde771a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://stash.kopano.io/projects/KWA/repos/filepreviewer/commits/85d2b5c2d27f461bba12e9491fcc4b0d8fde771a",
"refsource": "CONFIRM",
"url": "https://stash.kopano.io/projects/KWA/repos/filepreviewer/commits/85d2b5c2d27f461bba12e9491fcc4b0d8fde771a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11666",
"datePublished": "2017-07-26T17:00:00.000Z",
"dateReserved": "2017-07-26T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:34:24.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}