CVE-2023-26434
- EPSS 0.1%
- Published 20.06.2023 08:15:09
- Last modified 21.11.2024 07:51:26
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service una...
- EPSS 0.13%
- Published 20.06.2023 08:15:09
- Last modified 21.11.2024 07:51:26
It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions o...
CVE-2023-26436
- EPSS 0.16%
- Published 20.06.2023 08:15:09
- Last modified 21.11.2024 07:51:26
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be...
CVE-2016-6846
- EPSS 0.3%
- Published 29.03.2017 14:59:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office ...