Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: sogo

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-33550
2.0 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): HIGH
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 day, 3 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 1 day, 12 hours ago
  • @LeSuisse accepted 1 day, 4 hours ago
  • @LeSuisse published on GitHub 1 day, 3 hours ago
SOGo before 5.12.5 does not renew the OTP if a …

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

References

Affected products

SOGo
  • <5.12.5

Matching in nixpkgs

Package maintainers

Upstream patch: https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2
Permalink CVE-2025-71276
6.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 day, 3 hours ago by @LeSuisse Activity log
  • Created automatic suggestion 1 day, 12 hours ago
  • @LeSuisse accepted 1 day, 4 hours ago
  • @LeSuisse published on GitHub 1 day, 3 hours ago
SOGo before 5.12.5 is prone to a XSS vulnerability with …

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

References

Affected products

SOGo
  • <5.12.5

Matching in nixpkgs

Package maintainers

Upstream patch: https://github.com/Alinto/sogo/commit/e9b3f2a43d7557e8416f6749df4ab4f9128af2d1