Known Vulnerabilities for products from Horde
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Horde".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-26929 | An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3... | 6.1 - MEDIUM | 2021-02-14 | 2021-04-19 |
| CVE-2020-8866 | This vulnerability allows remote attackers to create arbitrary files on affected installations of Horde Groupware Webmail Edi... | 6.5 - MEDIUM | 2020-03-23 | 2022-10-07 |
| CVE-2020-8865 | This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Ed... | 6.3 - MEDIUM | 2020-03-23 | 2022-10-07 |
| CVE-2020-8518 | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution. | 9.8 - CRITICAL | 2020-02-17 | 2023-11-07 |
| CVE-2020-8035 | The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (X... | 6.1 - MEDIUM | 2020-05-18 | 2020-06-01 |
| CVE-2020-8034 | Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-... | 6.1 - MEDIUM | 2020-05-18 | 2020-05-31 |
| CVE-2019-12095 | Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by th... | 8.8 - HIGH | 2019-10-24 | 2020-08-24 |
| CVE-2019-12094 | Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?fo... | 6.1 - MEDIUM | 2019-10-24 | 2019-12-03 |
| CVE-2019-9858 | Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable ... | 8.8 - HIGH | 2019-05-29 | 2022-04-18 |
| CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintex... | 5.9 - MEDIUM | 2018-05-16 | 2019-10-03 |
| CVE-2017-17688 | ** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly l... | 5.9 - MEDIUM | 2018-05-16 | 2023-11-07 |
| CVE-2017-16908 | In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remot... | 5.4 - MEDIUM | 2017-11-20 | 2020-08-29 |
| CVE-2017-16907 | In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action. | 5.4 - MEDIUM | 2017-11-20 | 2020-08-29 |
| CVE-2017-16906 | In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event" action. | 5.4 - MEDIUM | 2017-11-20 | 2020-08-29 |
| CVE-2017-15235 | The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for ... | 7.5 - HIGH | 2017-10-11 | 2020-08-29 |
| CVE-2017-14650 | A Remote Code Execution vulnerability has been found in the Horde_Image library when using the "Im" backend that utilizes Ima... | 8.1 - HIGH | 2017-09-21 | 2018-08-18 |
| CVE-2017-9774 | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. Exploitation requires authenticati... | 8.8 - HIGH | 2017-06-21 | 2018-08-18 |
| CVE-2017-9773 | Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver. | 5.7 - MEDIUM | 2017-06-21 | 2018-08-18 |
| CVE-2017-7414 | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if... | 7.5 - HIGH | 2017-04-04 | 2019-10-03 |
| CVE-2017-7413 | In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the... | 8.8 - HIGH | 2017-04-04 | 2019-10-03 |
Known software with vulnerabilities from Horde
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Horde | Ansel | 2.0.0 |
| Application | Horde | Content | 1.0.0 |
| Application | Horde | Dynamic Imp | 1.0 |
| Application | Horde | File Manager | 5.2.21 |
| Application | Horde | Gollem | 1.0 |
| Application | Horde | Groupware | 1.0 |
| Application | Horde | Horde Activesync | 1.0.0 |
| Application | Horde | Horde Alarm | 1.0.0 |
| Application | Horde | Horde Application Framework | 1.0.3 |
| Application | Horde | Horde Argv | 1.0.0 |
| Application | Horde | Horde Auth | 1.0.0 |
| Application | Horde | Horde Autoloader | 1.0.0 |
| Application | Horde | Horde Autoloader Cache | 1.0.0 |
| Application | Horde | Horde Backup | 1.0.0 |
| Application | Horde | Horde Browser | 1.0.0 |
| Application | Horde | Horde Cache | 1.0.0 |
| Application | Horde | Horde Command Line Interface | 1.0.0 |
| Application | Horde | Horde Command Line Interface Application | 1.0.0 |
| Application | Horde | Horde Command Line Interface Modular | 1.0.0 |
| Application | Horde | Horde Compress | 1.0.0 |