Every CVE whose affected-product data names Open-xchange Ox Guard, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2015-8542 — CVSS 8.8 (high): An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a…
CVE-2016-4028 — CVSS 7.5 (high): An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest…
CVE-2020-28944 — CVSS 7.5 (high): OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
CVE-2016-6853 — CVSS 6.1 (medium): An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the…
CVE-2016-6851 — CVSS 6.1 (medium): An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader…
CVE-2016-6854 — CVSS 6.1 (medium): An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets…
CVE-2023-26456 — CVSS 5.4 (medium): Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at…