Zimbra Security Advisories: Difference between revisions
(→Zimbra Collaboration - Security Vulnerability Advisories: add CVE-2018-14425 to bug 108970) |
(Add notes for 8.6.0 Patch11 and other minor html/whitespace cleanup) |
||
Line 30: | Line 30: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.8.8 Patch7<br /> 8.8.9 Patch1</td> | <td>8.8.8 Patch7 <br /> 8.8.9 Patch1</td> | ||
<td>Diego Di Nardo</td> | <td>Diego Di Nardo</td> | ||
</tr> | </tr> | ||
Line 40: | Line 40: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.11 Patch4<br /> 8.8.8 Patch4</td> | <td>8.6.0 Patch11 <br /> 8.7.11 Patch4 <br /> 8.8.8 Patch4</td> | ||
<td>Diego Di Nardo</td> | <td>Diego Di Nardo</td> | ||
</tr> | </tr> | ||
Line 50: | Line 50: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.11 Patch3<br /> 8.8.8</td> | <td>8.7.11 Patch3 <br /> 8.8.8</td> | ||
<td>Netragard</td> | <td>Netragard</td> | ||
</tr> | </tr> | ||
Line 70: | Line 70: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:S/C:P/I:P/A:N) 3.6]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:H/Au:S/C:P/I:P/A:N) 3.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch10 <br /> 8.7.11 Patch3<br /> 8.8.8</td> | <td>8.6.0 Patch10 <br /> 8.7.11 Patch3 <br /> 8.8.8</td> | ||
<td>Netragard</td> | <td>Netragard</td> | ||
</tr> | </tr> | ||
Line 90: | Line 90: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch10 <br />8.7.11 Patch1 <br /> 8.8.7 <br /> 8.8.8</td> | <td>8.6.0 Patch10 <br /> 8.7.11 Patch1 <br /> 8.8.7 <br /> 8.8.8</td> | ||
<td>Stephan Kaag of Securify</td> | <td>Stephan Kaag of Securify</td> | ||
</tr> | </tr> | ||
Line 122: | Line 122: | ||
<td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.6.0 Patch10 <br /> 8.7.11 Patch3 <br />8.8.0 Beta2</td> | <td>8.6.0 Patch10 <br /> 8.7.11 Patch3 <br /> 8.8.0 Beta2</td> | ||
<td>Lucideus <br /> Phil Pearl</td> | <td>Lucideus <br /> Phil Pearl</td> | ||
</tr> | </tr> | ||
Line 162: | Line 162: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) 4.0]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:L/Au:S/C:N/I:P/A:N) 4.0]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.7.6</td> | <td>8.6.0 Patch11 <br /> 8.7.6</td> | ||
<td>Greg Solovyev</td> | <td>Greg Solovyev</td> | ||
</tr> | </tr> | ||
Line 182: | Line 182: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.1</td> | <td>8.6.0 Patch11 <br /> 8.7.1</td> | ||
<td>Sammy Forgit</td> | <td>Sammy Forgit</td> | ||
</tr> | </tr> | ||
Line 193: | Line 193: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Secu</td> | <td>Secu</td> | ||
</tr> | </tr> | ||
Line 210: | Line 210: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104477 104477]</td> | ||
<td><!-- [ | <td><!-- [https://cwe.mitre.org/data/definitions/601.html CWE-601] -->-</td> | ||
<td>CVE-2016-4019</td> | <td>CVE-2016-4019</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
Line 221: | Line 221: | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104294 104294] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | [https://bugzilla.zimbra.com/show_bug.cgi?id=104456 104456]</td> | ||
<td>CSRF [ | <td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2016-3406</td> | <td>CVE-2016-3406</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
Line 230: | Line 230: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=104222 104222] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104910 104910] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=105071 105071] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=105175 105175]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3407</td> | <td>CVE-2016-3407</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:P/I:N/A:N) 3.5] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3] <br /> [https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:S/C:N/I:P/A:N) 2.1]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103997 103997] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104413 104413] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104414 104414] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104777 104777] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104791 104791]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3412</td> | <td>CVE-2016-3412</td> | ||
Line 251: | Line 258: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103996 103996]</td> | ||
<td><!-- [ | <td><!-- [https://cwe.mitre.org/data/definitions/611.html CWE-611] -->-</td> | ||
<td>CVE-2016-3413</td> | <td>CVE-2016-3413</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.6]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td><!--8.6.0 Patch11 <br /> -->8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103961 103961] <br /> | ||
<td>CSRF [ | [https://bugzilla.zimbra.com/show_bug.cgi?id=104828 104828]</td> | ||
<td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | |||
<td>CVE-2016-3405</td> | <td>CVE-2016-3405</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
Line 271: | Line 279: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103959 103959]</td> | ||
<td>CSRF [ | <td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2016-3404</td> | <td>CVE-2016-3404</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
Line 280: | Line 288: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=103956 103956] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=103995 103995] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104475 104475] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104838 104838] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=104839 104839]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2016-3410</td> | <td>CVE-2016-3410</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td><!-- 8.6.0 Patch11 <br /> -->8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
Line 295: | Line 307: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Zimbra</td> | <td>Zimbra</td> | ||
</tr> | </tr> | ||
Line 305: | Line 317: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Peter Nguyen</td> | <td>Peter Nguyen</td> | ||
</tr> | </tr> | ||
Line 345: | Line 357: | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.7.0</td> | <td>8.6.0 Patch11 <br /> 8.7.0</td> | ||
<td>Volexity</td> | <td>Volexity</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100885 100885] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=100885 100885] <br /> | ||
<td>CSRF [ | [https://bugzilla.zimbra.com/show_bug.cgi?id=100899 100899]</td> | ||
<td>CSRF [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | |||
<td>[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3403 CVE-2016-3403]</td> | <td>[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3403 CVE-2016-3403]</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
Line 361: | Line 374: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99810 99810]</td> | ||
<td><!-- [ | <td><!-- [https://cwe.mitre.org/data/definitions/284.html CWE-284] [https://cwe.mitre.org/data/definitions/203.html CWE-203] -->-</td> | ||
<td>CVE-2016-3401</td> | <td>CVE-2016-3401</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:S/C:N/I:P/A:N) 3.5]</td> | ||
Line 371: | Line 384: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=99167 99167]</td> | ||
<td><!-- [ | <td><!-- [https://cwe.mitre.org/data/definitions/203.html CWE-203] -->-</td> | ||
<td>CVE-2016-3402</td> | <td>CVE-2016-3402</td> | ||
<td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:H/Au:N/C:P/I:N/A:N) 2.6]</td> | ||
Line 380: | Line 393: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101435 101435] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101435 101435] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=101436 101436]</td> | |||
<td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-7609</td> | <td>CVE-2015-7609</td> | ||
Line 390: | Line 404: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=101559 101559] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=100133 100133] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99854 99854] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=99914 99914] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=96973 96973]</td> | |||
<td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
Line 410: | Line 428: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=98358 98358] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98216 98216] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=98215 98215]</td> | |||
<td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | <td>Non-Persistent XSS [https://cwe.mitre.org/data/definitions/79.html CWE-79]</td> | ||
<td>CVE-2015-2249</td> | <td>CVE-2015-2249</td> | ||
Line 433: | Line 453: | ||
<td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | <td>Improper Input Validation [https://cwe.mitre.org/data/definitions/20.html CWE-20]</td> | ||
<td>CVE-2014-8563</td> | <td>CVE-2014-8563</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.0.9 <br /> 8.5.1<br /> 8.6.0</td> | <td>8.0.9 <br /> 8.5.1 <br /> 8.6.0</td> | ||
<td> -</td> | <td> -</td> | ||
</tr> | </tr> | ||
Line 443: | Line 463: | ||
<td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | <td>CSRF Vulnerability [https://cwe.mitre.org/data/definitions/352.html CWE-352]</td> | ||
<td>CVE-2015-6541</td> | <td>CVE-2015-6541</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
Line 450: | Line 470: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92825 92825] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92833 92833] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=92835 92835]</td> | |||
<td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | <td>XSS Vulnerabilities [https://cwe.mitre.org/data/definitions/79.html CWE-79] <br /> (8.0.7 Patch <br /> contains [https://bugzilla.zimbra.com/show_bug.cgi?id=87412 87412])</td> | ||
<td>CVE-2014-5500</td> | <td>CVE-2014-5500</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=(AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3]</td> | ||
<td>Minor</td> | <td>Minor</td> | ||
<td>8.0.8 <br /> 8.5.0</td> | <td>8.0.8 <br /> 8.5.0</td> | ||
Line 463: | Line 486: | ||
<td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | <td>Session Fixation [https://cwe.mitre.org/data/definitions/384.html CWE-384]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5119 CVE-2013-5119]</td> | ||
<td>[ | <td>[https://nvd.nist.gov/cvss.cfm?version=2&vector=(AV:N/AC:M/AU:N/C:P/I:P/A:N) 5.8]</td> | ||
<td>Major</td> | <td>Major</td> | ||
<td>8.5.0</td> | <td>8.5.0</td> | ||
Line 536: | Line 559: | ||
<tr> | <tr> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445] <br /> [https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | [https://bugzilla.zimbra.com/show_bug.cgi?id=80450 80450] <br /> | ||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80131 80131] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80445 80445] <br /> | |||
[https://bugzilla.zimbra.com/show_bug.cgi?id=80132 80132] | |||
</td> | </td> | ||
<td style="white-space:nowrap"> | <td style="white-space:nowrap"> | ||
Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k<br /> Upgrade to JDK 1.7u15+<br /> Upgrade to OpenSSL 1.0.1d</td> | Upgrade to JDK 1.6 u41 <br /> Upgrade OpenSSL to 1.0.0k <br /> Upgrade to JDK 1.7u15+ <br /> Upgrade to OpenSSL 1.0.1d</td> | ||
<td>n/a</td> | <td>n/a</td> | ||
<td>2.6</td> | <td>2.6</td> | ||
Line 548: | Line 574: | ||
<tr> | <tr> | ||
<td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | <td>[https://bugzilla.zimbra.com/show_bug.cgi?id=80338 80338]</td> | ||
<td>Local file inclusion via skin/branding feature [ | <td>Local file inclusion via skin/branding feature [https://cwe.mitre.org/data/definitions/22.html CWE-22]</td> | ||
<td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091 CVE-2013-7091]</td> | <td>[https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7091 CVE-2013-7091]</td> | ||
<td>[https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2013-7091&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> | <td>[https://nvd.nist.gov/cvss/v2-calculator?name=CVE-2013-7091&vector=(AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0]</td> |
Revision as of 13:16, 30 July 2018
Zimbra Security Advisories
Overview
The following Security Vulnerabilities have been fixed and released in recent versions of Zimbra Collaboration software. For the latest release and patches, please be sure to update your Zimbra Collaboration servers with the software available on our Download pages:
- Zimbra Collaboration - Network Edition: https://www.zimbra.com/downloads/ne-downloads.html
- Zimbra Collaboration - Open-Source Edition: https://www.zimbra.com/downloads/os-downloads.html
Zimbra Collaboration - Security Vulnerability Advisories
(going back to ZCS 7.1.3)
Bug# | Summary | CVE-ID | CVSS Score |
Zimbra Rating |
Fix Release or Patch Version |
Reporter |
---|---|---|---|---|---|---|
108970 | Persistent XSS CWE-79 | CVE-2018-14425 | 3.5 | Minor | 8.8.8 Patch7 8.8.9 Patch1 |
Diego Di Nardo |
108902 | Persistent XSS CWE-79 | CVE-2018-10939 | 3.5 | Minor | 8.6.0 Patch11 8.7.11 Patch4 8.8.8 Patch4 |
Diego Di Nardo |
108963 | Verbose Error Messages CWE-209 | CVE-2018-10950 | 3.5 | Minor | 8.7.11 Patch3 8.8.8 |
Netragard |
108962 | Persistent XSS CWE-203 | CVE-2018-10949 | 5.0 | Major | 8.7.11 Patch3 8.8.8 |
Netragard |
108894 | Persistent XSS CWE-199 | CVE-2018-10951 | 3.6 | Minor | 8.6.0 Patch10 8.7.11 Patch3 8.8.8 |
Netragard |
97579 | CSRF CWE-352 | CVE-2015-7610 | 5.8 | Major | 8.6.0 Patch10 8.7.11 Patch2 8.8.8 Patch1 |
Fortinet's FortiGuard Labs |
108786 | Persistent XSS CWE-79 | CVE-2018-6882 | 4.3 | Minor | 8.6.0 Patch10 8.7.11 Patch1 8.8.7 8.8.8 |
Stephan Kaag of Securify |
108265 | Persistent XSS CWE-79 | CVE-2017-17703 | 4.3 | Minor | 8.6.0 Patch9 8.7.11 Patch1 8.8.3 |
Veit Hailperin |
107963 | Host header injection CWE-20 | - | 4.3 | Minor | 8.8.0 Beta2 | - |
107948 |
Persistent XSS CWE-79 | CVE-2018-10948 | 3.5 | Minor | 8.6.0 Patch10 8.7.11 Patch3 8.8.0 Beta2 |
Lucideus Phil Pearl |
107925 | Persistent XSS - snippet CWE-79 | CVE-2017-8802 | 3.5 | Minor | 8.6.0 Patch9 8.7.11 Patch1 8.8.0 Beta2 |
Compass Security |
107878 | Persistent XSS - location CWE-79 | CVE-2017-8783 | 4.0 | Minor | 8.7.10 | Stephan Kaag of Securify |
107712 | Improper limitation of file paths CWE-22 | CVE-2017-6821 | 4.0 | Minor | 8.7.6 | Greg Solovyev, Phil Pearl |
107684 | Improper handling of privileges CWE-280 | CVE-2017-6813 | 4.0 | Major | 8.6.0 Patch11 8.7.6 |
Greg Solovyev |
106811 | Limited XXE CWE-611 | CVE-2016-9924 | 4.3 | Minor | 8.6.0 Patch10 8.7.4 |
Alastair Gray |
106612 | Persistent XSS CWE-79 | CVE-2017-7288 | 4.3 | Minor | 8.6.0 Patch11 8.7.1 |
Sammy Forgit |
105001 105174 |
XSS CWE-79 | CVE-2016-5721 | 4.3 2.1 |
Minor | 8.6.0 Patch11 8.7.0 |
Secu |
104552 104703 |
XSS CWE-79 | CVE-2016-3999 | 4.3 | Minor | 8.7.0 | Nam Habach |
104477 | - | CVE-2016-4019 | 4.3 | Minor | 8.7.0 | Zimbra |
104294 104456 |
CSRF CWE-352 | CVE-2016-3406 | 2.6 | Minor | 8.6.0 Patch8 8.7.0 |
Zimbra |
104222 105175 |
XSS CWE-79 | CVE-2016-3407 | 4.3 3.5 4.3 2.1 |
Minor | 8.6.0 Patch11 8.7.0 |
Zimbra |
103997 104791 |
XSS CWE-79 | CVE-2016-3412 | 3.5 | Minor | 8.7.0 | Zimbra |
103996 | - | CVE-2016-3413 | 2.6 | Minor | 8.7.0 | Zimbra |
103961 104828 |
CSRF CWE-352 | CVE-2016-3405 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 |
Zimbra |
103959 | CSRF CWE-352 | CVE-2016-3404 | 4.3 | Minor | 8.6.0 Patch8 8.7.0 |
Zimbra |
103956 104839 |
XSS CWE-79 | CVE-2016-3410 | 4.3 | Minor | 8.7.0 | Zimbra |
103609 | XSS CWE-79 | CVE-2016-3411 | 3.5 | Minor | 8.6.0 Patch11 8.7.0 |
Zimbra |
102637 | XSS CWE-79 | CVE-2016-3409 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 |
Peter Nguyen |
102276 | CWE-502 | CVE-2016-3415 | 5.8 | Major | 8.7.0 | Zimbra |
102227 | CWE-502 | n/a | 7.5 | Major | 8.7.0 | Upstream, see CVE-2015-4852 |
102029 | CWE-674 | CVE-2016-3414 | 4.0 | Minor | 8.6.0 Patch7 8.7.0 |
Zimbra |
101813 | XSS CWE-79 | CVE-2016-3408 | 4.3 | Minor | 8.6.0 Patch11 8.7.0 |
Volexity |
100885 100899 |
CSRF CWE-352 | CVE-2016-3403 | 5.8 | Major | 8.6.0 Patch8 8.7.0 |
Sysdream |
99810 | - | CVE-2016-3401 | 3.5 | Minor | 8.7.0 | Zimbra |
99167 | - | CVE-2016-3402 | 2.6 | Minor | 8.7.0 | Zimbra |
101435 101436 |
Persistent XSS CWE-79 | CVE-2015-7609 | 6.4 2.3 |
Major | 8.6.0 Patch5 8.7.0 |
Fortinet's FortiGuard Labs |
101559 96973 |
XSS CWE-79 | CVE-2015-2249 | 3.5 | Minor | 8.6.0 Patch5 8.7.0 |
Zimbra |
99236 | XSS Vuln in YUI components in ZCS | n/a | 4.3 | Minor | 8.6.0 Patch5 | Upstream, see CVE-2012-5881 CVE-2012-5882 CVE-2012-5883 |
98358 98215 |
Non-Persistent XSS CWE-79 | CVE-2015-2249 | 4.3 | Minor | 8.6.0 Patch2 8.7.0 |
Cure53 |
97625 | Non-Persistent XSS CWE-79 | CVE-2015-2230 | 3.5 | Minor | 8.6.0 Patch2 | MWR InfoSecurity |
96105 | Improper Input Validation CWE-20 | CVE-2014-8563 | 5.8 | Major | 8.0.9 8.5.1 8.6.0 |
- |
83547 | CSRF Vulnerability CWE-352 | CVE-2015-6541 | 5.8 | Major | 8.5.0 | iSEC Partners, Sysdream |
87412 92835 |
XSS Vulnerabilities CWE-79 (8.0.7 Patch contains 87412) |
CVE-2014-5500 | 4.3 | Minor | 8.0.8 8.5.0 |
- |
83550 | Session Fixation CWE-384 | CVE-2013-5119 | 5.8 | Major | 8.5.0 | - |
91484 | Patch ZCS8 OpenSSL for CVE-2014-0224 | n/a | 6.8 | Major |
8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch |
Upstream, see CVE-2014-0224 |
88708 | Patch ZCS8 OpenSSL for CVE-2014-0160 | n/a | 5.0 | Major |
8.0.3+Patch 8.0.4+Patch 8.0.5+Patch 8.0.6+Patch 8.0.7+Patch 8.0.7 |
Upstream, see CVE-2014-0160 |
85499 | Upgrade to OpenSSL 1.0.1f | n/a | 4.3 4.3 5.8 |
Major | 8.0.7 | Upstream, see CVE-2013-4353 CVE-2013-6449 CVE-2013-6450 |
84547 | XXE CWE-611 | CVE-2013-7217 | 6.4 (not 10.0) |
Critical | 7.2.2_Patch3 7.2.3_Patch 7.2.4_Patch2 7.2.5_Patch 7.2.6 8.0.3_Patch3 8.0.4_Patch2 8.0.5_Patch 8.0.6 |
Private |
85478 | XSS vulnerability in message view | - | 6.4 | Major | 8.0.7 | Alban Diquet of iSEC Partners |
85411 | Local root privilege escalation | - | 6.2 | Major | 8.0.7 | Matthew David |
85000 | Patch nginx for CVE-2013-4547 | n/a | 7.5 | Major | 7.2.7 8.0.7 |
Upstream, see CVE-2013-4547 |
Upgrade to JDK 1.6 u41 Upgrade OpenSSL to 1.0.0k Upgrade to JDK 1.7u15+ Upgrade to OpenSSL 1.0.1d |
n/a | 2.6 | Minor | 7.2.3 7.2.3 8.0.3 8.0.3 |
Upstream, see CVE-2013-0169 |
|
80338 | Local file inclusion via skin/branding feature CWE-22 | CVE-2013-7091 | 5.0 | Critical | 6.0.16_Patch 7.1.1_Patch6 7.1.3_Patch3 7.2.2_Patch2 7.2.3 8.0.2_Patch 8.0.3 |
Private |
77655 | Separate keystore for CAs used for X509 authentication | - | 5.8 | Major | 8.0.7 | Private |
75424 | Upgrade to Clamav 0.97.5 | n/a | 4.3 4.3 4.3 |
Minor | 7.2.1 | Upstream, see CVE-2012-1457 CVE-2012-1458 CVE-2012-1459 |
64981 | Do not allow HTTP GET for login | - | 6.8 | Major | 7.1.3_Patch 7.1.4 |
Private |
Try Zimbra
Try now Zimbra Collaboration without any cost with the 60-day free Trial.
Get it now »
Want to get involved?
You can contribute in the Community, in the Wiki, in the Code, or developing Zimlets.
Find out more. »
Other Help Resources
Visit the User Help Page »
Visit the Official Forums »
Zimbra Documentation Page »
Looking for a Video?
Visit our YouTube Channel to keep posted about Webinars, technology news, Product overviews and more.
Go to the YouTube Channel »