VYPR

rpm package

opensuse/roundcubemail&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/roundcubemail&distro=openSUSE%20Tumbleweed

Vulnerabilities (27)

  • CVE-2017-6820 | Med | Mar 12, 2017
    affected < 1.4.11-1.3 | fixed 1.4.11-1.3

    rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.

  • CVE-2015-2181 | Hig | Jan 30, 2017
    affected < 1.2.3-1.1 | fixed 1.2.3-1.1

    Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.

  • CVE-2015-8770 | Hig | Jan 29, 2016
    affected < 1.2.3-1.1 | fixed 1.2.3-1.1

    Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (do

  • CVE-2013-6172 | Nov 5, 2013
    affected < 1.2.3-1.1 | fixed 1.2.3-1.1

    steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.

  • CVE-2013-5645 | Aug 29, 2013
    affected < 1.2.3-1.1 | fixed 1.2.3-1.1

    Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote aut

  • CVE-2012-3508 | Aug 25, 2012
    affected < 1.2.3-1.1 | fixed 1.2.3-1.1

    Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

  • CVE-2012-3507 | Aug 25, 2012
    affected < 1.2.3-1.1 | fixed 1.2.3-1.1

    Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

Page 2 of 2