pkg:Debian/sogo
27 total CVEsHIGH6MEDIUM18LOW1
✅ Check your installed version
All known vulnerabilities
- from 0, < 3.2.4-0.2
- from 0, < 3.2.6-2+deb9u1
- from 0, < 4.0.7-1+deb10u2
- from 0, < 5.0.1-4+deb11u1
- HIGH7.1CVE-2026-46446SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection.from 0
- from 0
- MEDIUM6.5CVE-2016-6188Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of service (memory consumption) via a large number of attempts to uploa…from 0, < 3.2.4-0.2
- MEDIUM6.1CVE-2026-8496A cross-site scripting (XSS) vulnerability exists in Alinto SOGo, version 5.12.7.from 0
- MEDIUM6.1CVE-2025-71276SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.from 0
- from 0
- MEDIUM6.1CVE-2025-63499Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.from 0, < 5.0.1-4+deb11u3
- from 0, < 5.0.1-4+deb11u2
- from 0, < 5.0.1-4+deb11u2
- MEDIUM6.1CVE-2024-24510Cross Site Scripting vulnerability in Alinto SOGo before 5.10.0 allows a remote attacker to execute arbitrary code via the import function…from 0
- from 0, < 5.0.1-4+deb11u3
- from 0, < 5.0.1-4+deb11u3
- from 0
- MEDIUM6.1CVE-2020-22402Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user re…from 0, < 4.3.2-1
- from 0
- MEDIUM6.1CVE-2022-4556A vulnerability was found in Alinto SOGo up to 5.7.1 and classified as problematic.from 0
- MEDIUM6.1CVE-2016-6191Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attac…from 0, < 3.2.4-0.2
- MEDIUM6.1CVE-2014-9905Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web…from 0, < 2.2.5-1
- MEDIUM4.3CVE-2016-6190SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users…from 0, < 3.2.4-0.2
- MEDIUM4.3CVE-2016-6189Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows remote authenticated users to obtain sensitive information by readin…from 0, < 3.2.4-0.2
- LOW2.6CVE-2026-33550SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recom…from 0
- —CVE-2026-8851SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authe…from 0
- —CVE-2025-50340An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send…from 0