Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for zarafa by zarafa

    CVE-2021-28994 (GCVE-0-2021-28994)

    Vulnerability from nvd – Published: 2021-03-31 22:11 – Updated: 2024-08-03 21:55
    VLAI
    Summary
    kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:12.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
              },
              {
                "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
              },
              {
                "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-25T02:06:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
            },
            {
              "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
            },
            {
              "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/03/19/6",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
                },
                {
                  "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
                },
                {
                  "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28994",
        "datePublished": "2021-03-31T22:11:56.000Z",
        "dateReserved": "2021-03-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:55:12.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5448 (GCVE-0-2014-5448)

    Vulnerability from nvd – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/69365 vdb-entryx_refsource_BID
    http://seclists.org/oss-sec/2014/q3/444 mailing-listx_refsource_MLIST
    http://advisories.mageia.org/MGASA-2014-0380.html x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://seclists.org/oss-sec/2014/q3/445 mailing-listx_refsource_MLIST
    Date Public
    2014-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:48.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "69365",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69365"
              },
              {
                "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/444"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
              },
              {
                "name": "zarafa-logzarafa-info-disc(95452)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
              },
              {
                "name": "MDVSA-2014:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
              },
              {
                "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "69365",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69365"
            },
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "zarafa-logzarafa-info-disc(95452)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
            },
            {
              "name": "MDVSA-2014:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "69365",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69365"
                },
                {
                  "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/444"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
                },
                {
                  "name": "zarafa-logzarafa-info-disc(95452)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
                },
                {
                  "name": "MDVSA-2014:182",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
                },
                {
                  "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5448",
        "datePublished": "2014-10-20T15:00:00.000Z",
        "dateReserved": "2014-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:48.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5447 (GCVE-0-2014-5447)

    Vulnerability from nvd – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/oss-sec/2014/q3/444 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/69362 vdb-entryx_refsource_BID
    http://advisories.mageia.org/MGASA-2014-0380.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://seclists.org/oss-sec/2014/q3/445 mailing-listx_refsource_MLIST
    Date Public
    2014-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:48.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/444"
              },
              {
                "name": "69362",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69362"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
              },
              {
                "name": "MDVSA-2014:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
              },
              {
                "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-31T13:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "name": "69362",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69362"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "MDVSA-2014:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/444"
                },
                {
                  "name": "69362",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69362"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
                },
                {
                  "name": "MDVSA-2014:182",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
                },
                {
                  "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5447",
        "datePublished": "2014-10-20T15:00:00.000Z",
        "dateReserved": "2014-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:48.404Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0103 (GCVE-0-2014-0103)

    Vulnerability from nvd – Published: 2014-07-29 14:00 – Updated: 2024-08-06 09:05
    VLAI
    Summary
    WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2014-7889",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
              },
              {
                "name": "68247",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68247"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
              },
              {
                "name": "FEDORA-2014-7896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
              },
              {
                "name": "MDVSA-2014:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-31T13:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2014-7889",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
            },
            {
              "name": "68247",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68247"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "FEDORA-2014-7896",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
            },
            {
              "name": "MDVSA-2014:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0103",
        "datePublished": "2014-07-29T14:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:39.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0079 (GCVE-0-2014-0079)

    Vulnerability from nvd – Published: 2014-04-28 14:00 – Updated: 2024-08-06 09:05
    VLAI
    Summary
    The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:38.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2014:044",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the password.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-28T11:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "MDVSA-2014:044",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0079",
        "datePublished": "2014-04-28T14:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:38.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0037 (GCVE-0-2014-0037)

    Vulnerability from nvd – Published: 2014-04-28 14:00 – Updated: 2024-08-06 08:58
    VLAI
    Summary
    The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
              },
              {
                "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
              },
              {
                "name": "MDVSA-2014:044",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the username.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-28T11:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
            },
            {
              "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
            },
            {
              "name": "MDVSA-2014:044",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0037",
        "datePublished": "2014-04-28T14:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:58:26.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-28994 (GCVE-0-2021-28994)

    Vulnerability from cvelistv5 – Published: 2021-03-31 22:11 – Updated: 2024-08-03 21:55
    VLAI
    Summary
    kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T21:55:12.276Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
              },
              {
                "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
              },
              {
                "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-04-25T02:06:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
            },
            {
              "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
            },
            {
              "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28994",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.openwall.com/lists/oss-security/2021/03/19/6",
                  "refsource": "MISC",
                  "url": "https://www.openwall.com/lists/oss-security/2021/03/19/6"
                },
                {
                  "name": "[oss-security] 20210401 Re: kopano-core 11.0.1: Remote DoS by memory exhaustion",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/04/01/1"
                },
                {
                  "name": "[oss-security] 20210425 Re: kopano-core 11.0.1.77: Remote DoS with out-of-bounds access",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2021/04/25/1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28994",
        "datePublished": "2021-03-31T22:11:56.000Z",
        "dateReserved": "2021-03-22T00:00:00.000Z",
        "dateUpdated": "2024-08-03T21:55:12.276Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5447 (GCVE-0-2014-5447)

    Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://seclists.org/oss-sec/2014/q3/444 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/69362 vdb-entryx_refsource_BID
    http://advisories.mageia.org/MGASA-2014-0380.html x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://seclists.org/oss-sec/2014/q3/445 mailing-listx_refsource_MLIST
    Date Public
    2014-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:48.404Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/444"
              },
              {
                "name": "69362",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69362"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
              },
              {
                "name": "MDVSA-2014:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
              },
              {
                "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-31T13:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "name": "69362",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69362"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "MDVSA-2014:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5447",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/444"
                },
                {
                  "name": "69362",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69362"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
                },
                {
                  "name": "MDVSA-2014:182",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
                },
                {
                  "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5447",
        "datePublished": "2014-10-20T15:00:00.000Z",
        "dateReserved": "2014-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:48.404Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-5448 (GCVE-0-2014-5448)

    Vulnerability from cvelistv5 – Published: 2014-10-20 15:00 – Updated: 2024-08-06 11:48
    VLAI
    Summary
    Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/69365 vdb-entryx_refsource_BID
    http://seclists.org/oss-sec/2014/q3/444 mailing-listx_refsource_MLIST
    http://advisories.mageia.org/MGASA-2014-0380.html x_refsource_CONFIRM
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRIVA
    http://seclists.org/oss-sec/2014/q3/445 mailing-listx_refsource_MLIST
    Date Public
    2014-08-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:48:48.458Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "69365",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/69365"
              },
              {
                "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/444"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
              },
              {
                "name": "zarafa-logzarafa-info-disc(95452)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
              },
              {
                "name": "MDVSA-2014:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
              },
              {
                "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2014/q3/445"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-08-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-07T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "69365",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/69365"
            },
            {
              "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/444"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "zarafa-logzarafa-info-disc(95452)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
            },
            {
              "name": "MDVSA-2014:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            },
            {
              "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2014/q3/445"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-5448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "69365",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/69365"
                },
                {
                  "name": "[oss-security] 20140824 CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/444"
                },
                {
                  "name": "http://advisories.mageia.org/MGASA-2014-0380.html",
                  "refsource": "CONFIRM",
                  "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
                },
                {
                  "name": "zarafa-logzarafa-info-disc(95452)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95452"
                },
                {
                  "name": "MDVSA-2014:182",
                  "refsource": "MANDRIVA",
                  "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
                },
                {
                  "name": "[oss-security] 20140825 Re: CVE request: Multiple incorrect default permissions in Zarafa",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2014/q3/445"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-5448",
        "datePublished": "2014-10-20T15:00:00.000Z",
        "dateReserved": "2014-08-25T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:48:48.458Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0103 (GCVE-0-2014-0103)

    Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 09:05
    VLAI
    Summary
    WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-06-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:39.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2014-7889",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
              },
              {
                "name": "68247",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68247"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
              },
              {
                "name": "FEDORA-2014-7896",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
              },
              {
                "name": "MDVSA-2014:182",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-10-31T13:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "FEDORA-2014-7889",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136044.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1073618"
            },
            {
              "name": "68247",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68247"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://advisories.mageia.org/MGASA-2014-0380.html"
            },
            {
              "name": "FEDORA-2014-7896",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/136033.html"
            },
            {
              "name": "MDVSA-2014:182",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:182"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0103",
        "datePublished": "2014-07-29T14:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:39.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0079 (GCVE-0-2014-0079)

    Vulnerability from cvelistv5 – Published: 2014-04-28 14:00 – Updated: 2024-08-06 09:05
    VLAI
    Summary
    The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the password."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T09:05:38.277Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "MDVSA-2014:044",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the password.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-28T11:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "MDVSA-2014:044",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0079",
        "datePublished": "2014-04-28T14:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T09:05:38.277Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-0037 (GCVE-0-2014-0037)

    Vulnerability from cvelistv5 – Published: 2014-04-28 14:00 – Updated: 2024-08-06 08:58
    VLAI
    Summary
    The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointer of the username."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2014-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:58:26.532Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
              },
              {
                "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
              },
              {
                "name": "MDVSA-2014:044",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRIVA",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to \"a NULL pointer of the username.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-28T11:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1056767"
            },
            {
              "name": "[oss-security] 20140131 Security Flaw CVE-2014-0037",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/01/31/14"
            },
            {
              "name": "MDVSA-2014:044",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRIVA"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:044"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1059903"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2014-0037",
        "datePublished": "2014-04-28T14:00:00.000Z",
        "dateReserved": "2013-12-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:58:26.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }