Debian/sogo — 27 CVEs

Loading…

All known vulnerabilities

HIGH8.8CVE-2015-5395Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0.

from 0, < 3.2.4-0.2

HIGH7.5CVE-2021-33054sogo - security update

from 0, < 3.2.6-2+deb9u1

HIGH7.5CVE-2021-33054sogo - security update

from 0, < 4.0.7-1+deb10u2

HIGH7.5sogo - security update

from 0, < 5.0.1-4+deb11u1

HIGH7.1SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection.

from 0

HIGH7.1SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.

from 0

MEDIUM6.5Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to uploa…

from 0, < 3.2.4-0.2

MEDIUM6.1A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7.

from 0

MEDIUM6.1SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

from 0

MEDIUM6.1A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4.

from 0

MEDIUM6.1Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

from 0, < 5.0.1-4+deb11u3

MEDIUM6.1sogo - security update

from 0, < 5.0.1-4+deb11u2

MEDIUM6.1sogo - security update

from 0, < 5.0.1-4+deb11u2

MEDIUM6.1Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function…

from 0

MEDIUM6.1sogo - security update

from 0, < 5.0.1-4+deb11u3

MEDIUM6.1sogo - security update

from 0, < 5.0.1-4+deb11u3

MEDIUM6.1Alinto SOGo before 5.9.1 is vulnerable to HTML Injection.

from 0

MEDIUM6.1Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user re…

from 0, < 4.3.2-1

MEDIUM6.1A vulnerability was found in Alinto SOGo up to 5.7.1.

from 0

MEDIUM6.1A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic.

from 0

MEDIUM6.1Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attac…

from 0, < 3.2.4-0.2

MEDIUM6.1Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web…

from 0, < 2.2.5-1

MEDIUM4.3SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users…

from 0, < 3.2.4-0.2

MEDIUM4.3Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by readin…

from 0, < 3.2.4-0.2

LOW2.6SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recom…

from 0

—SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authe…

from 0

—An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send…

from 0

pkg:Debian/sogo

✅ Check your installed version

All known vulnerabilities