Search CVE reports
11 – 20 of 24 results
In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function to the mail component.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 3 of 7
Alinto SOGo through 5.10.0 allows XSS during attachment preview.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Fixed | Fixed | Fixed |
Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Not affected | Vulnerable | Needs evaluation |
A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic. Affected by this issue is the function _migrateMailIdentities of the file SoObjects/SOGo/SOGoUserDefaults.m of the component Identity Handler. The...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 2 of 10
SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Not affected | Fixed | Fixed |
Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Not affected | Not affected | Not affected |
Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Description, (2) Location, (3) URL,...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Not affected | Not affected | Not affected |