Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 71 results


CVE-2020-13965

High priority

Some fixes available 3 of 4

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-13964

Medium priority

Some fixes available 3 of 4

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-12641

High priority

Some fixes available 3 of 4

rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-12640

Medium priority

Some fixes available 3 of 4

Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-12626

Medium priority

Some fixes available 3 of 4

An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-12625

Medium priority

Some fixes available 3 of 4

An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2019-15237

Low priority

Some fixes available 6 of 14

Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Fixed Fixed Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2019-10740

Medium priority
Vulnerable

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or...

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2018-19206

Medium priority
Vulnerable

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2018-19205

Medium priority
Vulnerable

Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated...

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages