Known Vulnerabilities for products from Synacor
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Synacor".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33372 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33371 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33370 | An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33369 | Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a Folder... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2026-33368 | Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Classic W... | Not Provided | 2026-03-20 | 2026-04-01 |
| CVE-2020-18985 | An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbi... | 6.1 - MEDIUM | 2021-12-15 | 2021-12-20 |
| CVE-2020-18984 | A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collabor... | 6.1 - MEDIUM | 2021-12-15 | 2021-12-20 |
| CVE-2020-13653 | An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attac... | 6.1 - MEDIUM | 2020-07-02 | 2020-07-09 |
| CVE-2020-12846 | Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potentia... | 8 - HIGH | 2020-06-03 | 2020-06-05 |
| CVE-2020-8633 | An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in... | 5.3 - MEDIUM | 2020-02-18 | 2020-02-25 |
| CVE-2020-7796 | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. | 9.8 - CRITICAL | 2020-02-18 | 2020-02-24 |
| CVE-2019-11318 | Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. | 5.4 - MEDIUM | 2020-01-27 | 2020-01-28 |
| CVE-2019-9670 | mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vu... | 9.8 - CRITICAL | 2019-05-29 | 2021-06-26 |
| CVE-2019-6981 | Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | 6.5 - MEDIUM | 2019-05-29 | 2019-05-30 |
| CVE-2019-6980 | Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | 9.8 - CRITICAL | 2019-05-29 | 2019-05-30 |
| CVE-2018-20160 | ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in o... | 9.8 - CRITICAL | 2019-05-29 | 2019-05-30 |
| CVE-2018-18631 | mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Pe... | 6.1 - MEDIUM | 2019-05-29 | 2019-05-30 |
| CVE-2018-17938 | Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | 5.3 - MEDIUM | 2018-10-03 | 2020-08-24 |
| CVE-2018-15131 | An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x... | 5.3 - MEDIUM | 2019-05-30 | 2019-05-30 |
| CVE-2018-14425 | There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Cli... | 6.1 - MEDIUM | 2019-05-30 | 2019-05-31 |
Known software with vulnerabilities from Synacor
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Synacor | Zimbra Collaboration Server | 6.0.10 |
| Application | Synacor | Zimbra Collaboration Suite | 6.0.0 |