Known Vulnerabilities for products from Horde
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Horde".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-30287 | Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate... | 8 - HIGH | 2022-07-28 | 2023-08-08 |
| CVE-2022-26874 | lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account tak... | 5.4 - MEDIUM | 2022-03-11 | 2022-10-14 |
| CVE-2021-26929 | An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3... | 6.1 - MEDIUM | 2021-02-14 | 2021-04-19 |
| CVE-2020-8866 | This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edi... | 6.5 - MEDIUM | 2020-03-23 | 2022-10-07 |
| CVE-2020-8865 | This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Ed... | 6.3 - MEDIUM | 2020-03-23 | 2022-10-07 |
| CVE-2020-8518 | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 9.8 - CRITICAL | 2020-02-17 | 2023-11-07 |
| CVE-2020-8035 | The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (X... | 6.1 - MEDIUM | 2020-05-18 | 2020-06-01 |
| CVE-2020-8034 | Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-... | 6.1 - MEDIUM | 2020-05-18 | 2020-05-31 |
| CVE-2019-12095 | Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by th... | 8.8 - HIGH | 2019-10-24 | 2020-08-24 |
| CVE-2019-12094 | Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?fo... | 6.1 - MEDIUM | 2019-10-24 | 2019-12-03 |
| CVE-2019-9858 | Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable ... | 8.8 - HIGH | 2019-05-29 | 2022-04-18 |
| CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintex... | 5.9 - MEDIUM | 2018-05-16 | 2019-10-03 |
| CVE-2017-17688 | ** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly l... | 5.9 - MEDIUM | 2018-05-16 | 2023-11-07 |
| CVE-2017-16908 | In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remot... | 5.4 - MEDIUM | 2017-11-20 | 2020-08-29 |
| CVE-2017-16907 | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | 5.4 - MEDIUM | 2017-11-20 | 2020-08-29 |
| CVE-2017-16906 | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | 5.4 - MEDIUM | 2017-11-20 | 2020-08-29 |
| CVE-2017-15235 | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for ... | 7.5 - HIGH | 2017-10-11 | 2020-08-29 |
| CVE-2017-14650 | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes Ima... | 8.1 - HIGH | 2017-09-21 | 2018-08-18 |
| CVE-2017-9774 | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authenticati... | 8.8 - HIGH | 2017-06-21 | 2018-08-18 |
| CVE-2017-9773 | Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | 5.7 - MEDIUM | 2017-06-21 | 2018-08-18 |
Known software with vulnerabilities from Horde
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Horde | Ansel | 2.0.0 |
| Application | Horde | Content | 1.0.0 |
| Application | Horde | Dynamic Imp | 1.0 |
| Application | Horde | File Manager | 5.2.21 |
| Application | Horde | Gollem | 1.0 |
| Application | Horde | Groupware | 1.0 |
| Application | Horde | Horde Activesync | 1.0.0 |
| Application | Horde | Horde Alarm | 1.0.0 |
| Application | Horde | Horde Application Framework | 1.0.3 |
| Application | Horde | Horde Argv | 1.0.0 |
| Application | Horde | Horde Auth | 1.0.0 |
| Application | Horde | Horde Autoloader | 1.0.0 |
| Application | Horde | Horde Autoloader Cache | 1.0.0 |
| Application | Horde | Horde Backup | 1.0.0 |
| Application | Horde | Horde Browser | 1.0.0 |
| Application | Horde | Horde Cache | 1.0.0 |
| Application | Horde | Horde Command Line Interface | 1.0.0 |
| Application | Horde | Horde Command Line Interface Application | 1.0.0 |
| Application | Horde | Horde Command Line Interface Modular | 1.0.0 |
| Application | Horde | Horde Compress | 1.0.0 |