Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DLA-613-1
HistorySep 08, 2016 - 12:00 a.m.

roundcube - security update

2016-09-0800:00:00
Google
osv.dev
11

EPSS

0.112

Percentile

95.3%

JSON

Multiple CSRF and XSS issues allow remote attackers to hijack the
authentication and execute roundcube operations without the consent of the
user. In some cases, this could result in data loss or data theft.

  • CVE-2014-9587
    Multiple cross-site request forgery (CSRF) vulnerabilities in
    allow remote attackers to hijack the authentication of unspecified
    victims via unknown vectors, related to (1) address book operations or
    the (2) ACL or (3) Managesieve plugins.
  • CVE-2015-1433
    Incorrect quotation logic during sanitization of style HTML
    attribute allows remote attackers to execute arbitrary
    javascript code on the user’s browser.
  • CVE-2016-4069
    Cross-site request forgery (CSRF) vulnerability allows remote
    attackers to hijack the authentication of users for requests that
    download attachments and cause a denial of service (disk consumption)
    via unspecified vectors.

For Debian 7 Wheezy, these problems have been fixed in version
0.7.2-9+deb7u4.

We recommend that you upgrade your roundcube packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS&gt;

Related

debian 1
openvas 6
nessus 9
prion 3
cvelist 3
ubuntucve 3
nvd 3
cve 3
debiancve 3
seebug 1
fedora 2
mageia 1
debian
debian
[SECURITY] [DLA 613-1] roundcube security update
2016-09-08 09:58:47
openvas
openvas
Debian: Security Advisory (DLA-613-1)
2018-02-07 00:00:00
Roundcube Webmail < 1.1.5 CSRF Vulnerability
2016-12-07 00:00:00
Fedora Update for roundcubemail FEDORA-2015-1761
2015-02-15 00:00:00
nessus
nessus
Debian DLA-613-1 : roundcube security update
2016-09-09 00:00:00
openSUSE Security Update : roundcubemail (openSUSE-SU-2015:0116-1)
2015-01-26 00:00:00
openSUSE Security Update : roundcubemail (openSUSE-2015-148)
2015-02-16 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-01-15 15:59:00
Cross site scripting
2015-02-03 16:59:00
Cross site request forgery (csrf)
2016-08-25 18:59:00
cvelist
cvelist
CVE-2014-9587
2015-01-15 15:00:00
CVE-2015-1433
2015-02-03 16:00:00
CVE-2016-4069
2016-08-25 18:00:00
ubuntucve
ubuntucve
CVE-2014-9587
2015-01-15 00:00:00
CVE-2015-1433
2015-02-03 00:00:00
CVE-2016-4069
2016-08-25 00:00:00
nvd
nvd
CVE-2014-9587
2015-01-15 15:59:21
CVE-2015-1433
2015-02-03 16:59:24
CVE-2016-4069
2016-08-25 18:59:00
cve
cve
CVE-2014-9587
2015-01-15 15:59:21
CVE-2015-1433
2015-02-03 16:59:24
CVE-2016-4069
2016-08-25 18:59:00
debiancve
debiancve
CVE-2014-9587
2015-01-15 15:59:21
CVE-2015-1433
2015-02-03 16:59:24
CVE-2016-4069
2016-08-25 18:59:00
seebug
seebug
RoundCube Webmail mail <1.0.5 body stored XSS(CVE-2015-1433)
2017-03-16 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: roundcubemail-1.0.5-1.fc20
2015-02-15 03:30:22
[SECURITY] Fedora 21 Update: roundcubemail-1.0.5-1.fc21
2015-02-15 03:18:57
mageia
mageia
Updated roundcubemail packages fix security vulnerabilities
2016-04-29 20:21:35

EPSS

0.112

Percentile

95.3%

JSON
Related for OSV:DLA-613-1
debian1openvas6nessus9prion3cvelist3ubuntucve3nvd3cve3debiancve3seebug1fedora2mageia1