rpm package
opensuse/roundcubemail&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/roundcubemail&distro=openSUSE%20Tumbleweed
Vulnerabilities (27)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6820 | Med | 6.1 | | < 1.4.11-1.3 | 1.4.11-1.3 | Mar 12, 2017 | rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element. |
| CVE-2015-2181 | High | 8.8 | | < 1.2.3-1.1 | 1.2.3-1.1 | Jan 30, 2017 | Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username. |
| CVE-2015-8770 | High | 7.5 | | < 1.2.3-1.1 | 1.2.3-1.1 | Jan 29, 2016 | Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (do |
| CVE-2013-6172 | — | | | < 1.2.3-1.1 | 1.2.3-1.1 | Nov 5, 2013 | steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code. |
| CVE-2013-5645 | — | | | < 1.2.3-1.1 | 1.2.3-1.1 | Aug 29, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote aut |
| CVE-2012-3508 | — | | | < 1.2.3-1.1 | 1.2.3-1.1 | Aug 25, 2012 | Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email. |
| CVE-2012-3507 | — | | | < 1.2.3-1.1 | 1.2.3-1.1 | Aug 25, 2012 | Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. |
Page 2 of 2