Filtered by vendor Zimbra Subscriptions
Filtered by product Zimbra Collaboration Suite Subscriptions

Search

Switch to Advanced Search (Beta)
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-45519 1 Zimbra 2 Collaboration, Zimbra Collaboration Suite 2025-07-30 10 Critical
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands.
CVE-2025-53645 1 Zimbra 1 Zimbra Collaboration Suite 2025-07-22 7.5 High
Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthenticated remote attacker can send specially crafted GET requests that trigger redundant processing and inflated responses. This leads to uncontrolled resource consumption, resulting in denial of service.
CVE-2018-10951 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite 2024-11-21 N/A
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
CVE-2018-10939 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite 2024-11-21 N/A
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
CVE-2015-7610 2 Synacor, Zimbra 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite 2024-11-21 N/A
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.