Search CVE reports


Toggle filters

61 – 70 of 103 results


CVE-2018-9846

Medium priority

Some fixes available 1 of 2

In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Not affected
Show less packages

CVE-2018-1000071

Medium priority

Some fixes available 2 of 6

roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Fixed
Show less packages

CVE-2017-16651

High priority

Some fixes available 1 of 3

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. The...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Not affected
Show less packages

CVE-2017-1000049

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8864. Reason: This candidate is a reservation duplicate of CVE-2015-8864. Notes: All CVE users should reference CVE-2015-8864 instead of this candidate. ...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube
Show less packages

CVE-2015-5383

Medium priority
Ignored

Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2015-5382

Medium priority
Ignored

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2015-5381

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2017-8114

Medium priority

Some fixes available 1 of 5

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Not affected
Show less packages

CVE-2016-4068

Medium priority

Some fixes available 1 of 6

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Not affected
Show less packages

CVE-2015-8864

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages