Search CVE reports


Toggle filters

71 – 80 of 103 results


CVE-2017-6820

Medium priority

Some fixes available 1 of 5

rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Not affected
Show less packages

CVE-2015-2181

Medium priority
Ignored

Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2015-2180

Medium priority
Ignored

The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2016-5103

Medium priority
Ignored

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4552. Reason: This candidate is a reservation duplicate of CVE-2016-4552. Notes: All CVE users should reference CVE-2016-4552 instead of this candidate. ...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube
Show less packages

CVE-2016-4552

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2016-9920

Medium priority

Some fixes available 1 of 2

steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Not affected
Show less packages

CVE-2016-4069

Medium priority

Some fixes available 1 of 6

Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of users for requests that download attachments and cause a denial of service...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected Not affected Not affected Not affected
Show less packages

CVE-2015-8794

Medium priority
Ignored

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter,...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2015-8793

Medium priority
Ignored

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages

CVE-2015-8770

Medium priority
Ignored

Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary...

1 affected package

roundcube

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
roundcube Not affected
Show less packages