Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Open\-Xchange_appsuite
(Open\-Xchange)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 157 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-02-12 | CVE-2023-41706 | Processing time of drive search expressions now gets monitored, and the related request is terminated if a resource threshold is reached. Availability of OX App Suite could be reduced due to high processing load. Please deploy the provided updates and patch releases. Processing of user-defined drive search expressions is not limited No publicly available exploits are known. | Open\-Xchange_appsuite | 6.5 | ||
| 2024-02-12 | CVE-2023-41708 | References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypass existing safeguards to inject malicious script code. Please deploy the provided updates and patch releases. References to apps are now controlled more strict to avoid relative references. No publicly available exploits are known. | Open\-Xchange_appsuite | 5.4 | ||
| 2020-02-21 | CVE-2019-18846 | OX App Suite through 7.10.2 allows SSRF. | Open\-Xchange_appsuite | 5.0 | ||
| 2020-08-31 | CVE-2020-12643 | OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | Open\-Xchange_appsuite | 4.3 | ||
| 2020-08-31 | CVE-2020-12645 | OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | Open\-Xchange_appsuite | 9.8 | ||
| 2020-08-31 | CVE-2020-12646 | OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | Open\-Xchange_appsuite | N/A | ||
| 2020-08-31 | CVE-2020-12644 | OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. | Open\-Xchange_appsuite | N/A | ||
| 2020-01-31 | CVE-2014-5236 | Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2) image in an OpenDocument text file. | Open\-Xchange_appsuite | N/A | ||
| 2020-01-14 | CVE-2014-5238 | XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document. | Open\-Xchange_appsuite | N/A | ||
| 2020-01-06 | CVE-2019-16716 | OX App Suite through 7.10.2 has Incorrect Access Control. | Open\-Xchange_appsuite | N/A |