Search CVE reports
1 – 10 of 24 results
Some fixes available 4 of 5
SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Fixed | Not in release | Fixed | Fixed | Fixed |
Some fixes available 4 of 5
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Fixed | Not in release | Fixed | Fixed | Fixed |
Some fixes available 4 of 5
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Fixed | Not in release | Fixed | Fixed | Fixed |
Some fixes available 1 of 2
A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Fixed | Not in release | Not affected | Not affected | Not affected |
Some fixes available 2 of 4
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Fixed | Not in release | Fixed | Not affected | Not affected |
Some fixes available 4 of 6
SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Fixed | Not in release | Fixed | Fixed | Fixed |
Some fixes available 1 of 3
A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Fixed | Not in release | Not affected | Not affected | Not affected |
Some fixes available 3 of 6
Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Fixed | Fixed | Fixed |
Some fixes available 3 of 6
alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Not affected | Not in release | Fixed | Fixed | Fixed |
An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in...
1 affected package
sogo
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| sogo | Needs evaluation | Not in release | Needs evaluation | Needs evaluation | Needs evaluation |