Lucene search
K

378 matches found

Debian
Debian
added last week4 views

[SECURITY] [DLA 4657-1] sogo security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4657-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb June 29, 2026 https://wiki.debian.org/LTS -...

8.6CVSS6AI score0.00316EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

Debian dsa-6366 : sogo - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6366 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6366-1 [email protected] https://www.debian.org/securit...

8.6CVSS5.8AI score0.00398EPSS
Exploits0References16
Debian
Debian
added 2026/06/25 6:21 p.m.6 views

[SECURITY] [DSA 6366-1] sogo security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6366-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq -...

8.6CVSS5.7AI score0.00398EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8496

A cross-site scripting XSS vulnerability exists in Alinto SOGo, version 5.12.7. A maliciously crafted ICS calendar invitation files allows arbitrary JavaScript execution within the authenticated SOGo webmail session. The issue occurs because SVG content embedded in the description field of an ICS...

6.1CVSS5.7AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.10 views

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS5.6AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS5.6AI score0.00239EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.7 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS5.8AI score0.00316EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References3
NVD
NVD
added 2026/05/18 9:16 p.m.15 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS0.00316EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 9:16 p.m.4 views

DEBIAN-CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/18 9:16 p.m.9 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References5
OSV
OSV
added 2026/05/18 9:16 p.m.3 views

UBUNTU-CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References6
CVE
CVE
added 2026/05/18 8:10 p.m.26 views

CVE-2026-8851

SOGo 5.12.7 is affected by a SQL injection in the Access Control List management via the uid parameter in addUserInAcls. An authenticated user can inject subqueries to extract arbitrary data and write it into the sogo_acl table, then retrieve it through the /acls API, creating an out-of-band data...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/18 8:10 p.m.9 views

CVE-2026-8851 SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/18 8:10 p.m.11 views

EUVD-2026-30804

SOGo 5.12.7 contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQ...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:10 p.m.6 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/18 8:10 p.m.35 views

CVE-2026-8851 SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS0.00316EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/18 8:10 p.m.6 views

CVE-2026-8851

SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can...

8.6CVSS6.1AI score0.00316EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

SOGo SQL注入漏洞

SOGo is a highly fast and scalable modern collaboration suite open source by Alinto. It offers calendar management, address book management, a fully functional webmail client, as well as features for resource sharing and permission handling. Version 5.12.7 of SOGo contains a SQL injection...

8.6CVSS6AI score0.00316EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 4:17 a.m.60 views

CVE-2026-46446

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to cpassword = '%@' in changePasswordForLogin...

7.1CVSS0.00239EPSS
Exploits0References3
Rows per page
Query Builder