Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: sogo

Found 3 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-33550
2.0 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 day, 2 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 1 day, 10 hours ago
  • @LeSuisse accepted 1 day, 2 hours ago
  • @LeSuisse published on GitHub 1 day, 2 hours ago
SOGo before 5.12.5 does not renew the OTP if a …

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

References

Affected products

SOGo
  • <5.12.5

Matching in nixpkgs

Package maintainers

Upstream patch: https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2
Published
Permalink CVE-2025-71276
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 day, 2 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 1 day, 10 hours ago
  • @LeSuisse accepted 1 day, 2 hours ago
  • @LeSuisse published on GitHub 1 day, 2 hours ago
SOGo before 5.12.5 is prone to a XSS vulnerability with …

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

References

Affected products

SOGo
  • <5.12.5

Matching in nixpkgs

Package maintainers

Upstream patch: https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1
Untriaged
Permalink CVE-2026-3054
4.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 weeks, 4 days ago
Alinto SOGo cross site scripting

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the argument hint leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected products

SOGo
  • ==5.12.3
  • ==5.12.4

Matching in nixpkgs

Package maintainers