Vulnerabilities in Open-Xchange GmbH
47 results

CVE-2023-41708 (MEDIUM, EPSS 0.5%): References to the "app loader" functionality could contain redirects to unexpected locations. Attackers could forge app references that bypa
CVE-2026-27858 (HIGH, EPSS 0.5%): Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacke
CVE-2025-59028 (MEDIUM, EPSS 0.4%): When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fai
CVE-2023-41710 (MEDIUM, EPSS 0.4%): User-defined script code could be stored for an upsell related shop URL. This code was not correctly sanitized when adding it to DOM. Attacke
CVE-2023-29052 (MEDIUM, EPSS 0.4%): Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attack
CVE-2026-0394 (MEDIUM, EPSS 0.4%): When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added
CVE-2025-59032 (HIGH, EPSS 0.4%): ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeated
CVE-2026-27857 (MEDIUM, EPSS 0.4%): Sending "NOOP (((...)))" command with 4000 parentheses open+close results in ~1MB extra memory usage. Longer commands will result in client
CVE-2024-25582 (MEDIUM, EPSS 0.4%): Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform maliciou
CVE-2026-27859 (MEDIUM, EPSS 0.4%): A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message ca
CVE-2026-27855 (MEDIUM, EPSS 0.3%): Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in pa
CVE-2026-40016 (MEDIUM, EPSS 0.3%): Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130
CVE-2025-30188 (HIGH, EPSS 0.3%): Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is requir
CVE-2026-42006 (MEDIUM, EPSS 0.3%): An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking on
CVE-2026-27851 (HIGH, EPSS 0.3%): When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabli
CVE-2026-24031 (HIGH, EPSS 0.3%): Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentic
CVE-2026-27856 (HIGH, EPSS 0.3%): Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine
CVE-2026-27860 (LOW, EPSS 0.3%): If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially
CVE-2025-59031 (MEDIUM, EPSS 0.3%): Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use
CVE-2026-40020 (LOW, EPSS 0.3%): Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This c