Debian Php-Horde-Crypt vulnerabilities
2 known vulnerabilities affecting debian/php-horde-crypt.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2017-7413P2HIGHCVSS 8.8fixed in php-horde-crypt 2.7.5-2 (bookworm)2017
CVE-2017-7413 [HIGH] CVE-2017-7413: php-horde-crypt - In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through ...
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address.
Scope: local
bookworm: resolved (fixed in 2.7.5-2)
bullse
debian
CVE-2017-7414P3HIGHCVSS 7.5fixed in php-horde-crypt 2.7.5-2 (bookworm)2017
CVE-2017-7414 [HIGH] CVE-2017-7414: php-horde-crypt - In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x thro...
In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition 5.x through 5.2.17, OS Command Injection can occur if the user has PGP features enabled in the user's preferences, and has enabled the "Should PGP signed messages be automatically verified when viewed?" preference. To exploit this vulnerability, an attacker can send a PGP signed email (tha
debian