Open-xchange Ox_guard
11 CVEs affecting Open-xchange Ox_guard. Latest disclosed: 2023-11-02. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-10986 | High | 8.8 | 2019-07-03 | OX Guard 2.8.0 has CSRF. |
CVE-2015-8542 | High | 8.8 | 2016-12-15 | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after… |
CVE-2020-28944 | High | 7.5 | 2021-04-30 | OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data. |
CVE-2016-4028 | High | 7.5 | 2016-12-15 | An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. T… |
CVE-2020-9426 | Medium | 6.1 | 2020-06-15 | OX Guard 2.10.3 and earlier allows XSS. |
CVE-2016-6854 | Medium | 6.1 | 2016-12-15 | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verif… |
CVE-2016-6853 | Medium | 6.1 | 2016-12-15 | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public… |
CVE-2016-6851 | Medium | 6.1 | 2016-12-15 | An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This… |
CVE-2023-26456 | Medium | 5.4 | 2023-11-02 | Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, al… |
CVE-2020-9427 | Medium | 5.0 | 2020-06-15 | OX Guard 2.10.3 and earlier allows SSRF. |
CVE-2015-7385 | | 2015-11-19 | Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid… |