CVE-2020-12645
- EPSS 0.34%
- Published 31.08.2020 15:15:10
- Last modified 21.11.2024 04:59:58
OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption.
CVE-2020-12646
- EPSS 0.34%
- Published 31.08.2020 15:15:10
- Last modified 21.11.2024 04:59:58
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVE-2020-8541
- EPSS 0.21%
- Published 16.06.2020 14:15:11
- Last modified 21.11.2024 05:38:59
OX App Suite through 7.10.3 allows XXE attacks.
CVE-2020-8542
- EPSS 0.69%
- Published 16.06.2020 14:15:11
- Last modified 21.11.2024 05:39:00
OX App Suite through 7.10.3 allows XSS.
CVE-2020-8543
- EPSS 0.36%
- Published 16.06.2020 14:15:11
- Last modified 21.11.2024 05:39:00
OX App Suite through 7.10.3 has Improper Input Validation.
CVE-2020-8544
- EPSS 0.21%
- Published 16.06.2020 14:15:11
- Last modified 21.11.2024 05:39:00
OX App Suite through 7.10.3 allows SSRF.
- EPSS 0.21%
- Published 21.02.2020 21:15:10
- Last modified 21.11.2024 04:33:42
OX App Suite through 7.10.2 allows SSRF.
CVE-2014-5236
- EPSS 6.67%
- Published 31.01.2020 22:15:10
- Last modified 21.11.2024 02:11:40
Multiple absolute path traversal vulnerabilities in documentconverter in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allow remote attackers to read application files via a full pathname in a crafted (1) OLE Object or (2...
CVE-2014-5238
- EPSS 0.9%
- Published 14.01.2020 16:15:11
- Last modified 21.11.2024 02:11:40
XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document.
CVE-2019-16716
- EPSS 0.39%
- Published 06.01.2020 20:15:12
- Last modified 21.11.2024 04:31:02
OX App Suite through 7.10.2 has Incorrect Access Control.