Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2016-6848

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. API requests can be used to inject, generate and download executable files to the client ("Reflected File Download"). Malicious platform specific (e.g. Microsoft Windows) batch file c... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.10
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6847

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can b... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.26
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6845

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may exe... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.26
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6844

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded ... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.26
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6843

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by usi... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.20
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-6842

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victi... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.26
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5740

    An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.14
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-5124

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be ... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.46
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-4048

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Custom messages can be shown at the login screen to notify external users about issues with sharing links. This mechanism can be abused to inject arbitrary text messages. Users may g... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.22
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 4.3

    MEDIUM
    CVE-2016-4047

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts of the... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.13
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2016-4046

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports t... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.18
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4045

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the u... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.21
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 7.5

    HIGH
    CVE-2016-4028

    An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on w... Read more

    Affected Products : ox_guard
    • EPSS Score: %0.20
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 3.5

    LOW
    CVE-2016-4027

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev10. App Suite frontend offers to control whether a user wants to store cookies that exceed the session duration. This functionality is useful when logging in from clients with reduced pr... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.22
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-4026

    An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.21
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 7.4

    HIGH
    CVE-2016-3174

    An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to fol... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.20
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 5.4

    MEDIUM
    CVE-2016-3173

    An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. an image) which gets displayed at the portal application... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.24
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 6.1

    MEDIUM
    CVE-2016-2840

    An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be ex... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.34
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 8.8

    HIGH
    CVE-2015-8542

    An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify th... Read more

    Affected Products : ox_guard
    • EPSS Score: %0.16
    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 4.7

    MEDIUM
    CVE-2016-3685

    SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in th... Read more

    Affected Products : macos windows download_manager
    • EPSS Score: %0.05
    • Published: Dec. 14, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292485 Results