Lucene search
K

18 matches found

Information Security Automation
Information Security Automation
added 2024/10/15 12:21 p.m.30 views

About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability

About Cross Site Scripting - Roundcube Webmail CVE-2024-37383 vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in th...

6.1CVSS6.7AI score0.73445EPSS
Exploits7
OpenVAS
OpenVAS
added 2024/06/26 12:0 a.m.26 views

Ubuntu: Security Advisory (USN-6848-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.8AI score0.73445EPSS
Exploits7References5
Tenable Nessus
Tenable Nessus
added 2024/06/26 12:0 a.m.35 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote...

6.1CVSS7.4AI score0.73445EPSS
Exploits7References5
OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.18 views

openSUSE: Security Advisory for roundcubemail (openSUSE-SU-2023:0345-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6AI score0.73445EPSS
Exploits2References4
hivepro
hivepro
added 2023/10/31 5:56 a.m.40 views

Attacks, Vulnerabilities and Actors 23 October to 29 October 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of seven executed attacks, two instances of adversary activity, and three exploited...

4.9CVSS7.4AI score0.73445EPSS
Exploits2
hivepro
hivepro
added 2023/10/27 7:45 a.m.49 views

Winter Vivern Capitalizes on Zero-Day Flaw in Roundcube

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Winter Vivern cyberespionage group has been actively exploiting a zero-day vulnerability in the Roundcube webmail. The identified vulnerability, CVE-2023-5631, permits stored cross-site scripting...

4.9CVSS6.6AI score0.73445EPSS
Exploits2
CISA
CISA
added 2023/10/26 12:0 p.m.10 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-5631 Roundcube Webmail Persistent Cross-Site Scripting XSS Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors an...

6.1CVSS6.2AI score0.73445EPSS
In wildExploits2References6
The Hacker News
The Hacker News
added 2023/10/25 1:20 p.m.79 views

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

The threat actor known as Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security...

6.1CVSS5.8AI score0.73445EPSS
Exploits3
Debian
Debian
added 2023/10/24 9:50 p.m.24 views

[SECURITY] [DLA 3630-1] roundcube security update

Debian LTS Advisory DLA-3630-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin October 24, 2023 https://wiki.debian.org/LTS Package : roundcube Version : 1.3.17+dfsg.1-1deb10u4 CVE ID : CVE-2023-5631 Debian Bug : 1054079 Denys Klymenko discovered a cross-site...

6.1CVSS6.2AI score0.73445EPSS
Exploits2
Debian
Debian
added 2023/10/23 6:47 a.m.28 views

[SECURITY] [DSA 5531-1] roundcube security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5531-1 [email protected] https://www.debian.org/security/ Sebastien Delafond October 23, 2023 https://www.debian.org/security/faq -...

6.1CVSS6.8AI score0.73445EPSS
Exploits2
NVD
NVD
added 2023/10/20 4:15 a.m.24 views

CVE-2023-46267

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-5631. Reason: This candidate is a duplicate of CVE-2023-5631. Notes: All CVE users should reference CVE-2023-5631 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

5.8AI score
Exploits1
OSV
OSV
added 2023/10/20 4:15 a.m.3 views

UBUNTU-CVE-2023-46267

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-5631. Reason: This candidate is a duplicate of CVE-2023-5631. Notes: All CVE users should reference CVE-2023-5631 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usag...

5.8AI score
Exploits1References8
OpenVAS
OpenVAS
added 2023/10/19 12:0 a.m.21 views

Roundcube Webmail < 1.4.15, 1.5.x < 1.5.5, 1.6.x < 1.6.4 XSS Vulnerability

Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1CVSS5.5AI score0.73445EPSS
Exploits2References8
UbuntuCve
UbuntuCve
added 2023/10/18 3:15 p.m.148 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1CVSS6.4AI score0.73445EPSS
Exploits2References8
Cvelist
Cvelist
added 2023/10/18 2:51 p.m.44 views

CVE-2023-5631 Stored XSS vulnerability in Roundcube

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1CVSS6.2AI score0.73445EPSS
Exploits2References15
Vulnrichment
Vulnrichment
added 2023/10/18 2:51 p.m.5 views

CVE-2023-5631 Stored XSS vulnerability in Roundcube

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1CVSS5.6AI score0.73445EPSS
Exploits2References15
CVE
CVE
added 2023/10/18 2:51 p.m.487 views

CVE-2023-5631

CVE-2023-5631 affects Roundcube Webmail. The issue is a stored XSS via an HTML e-mail message containing a crafted SVG, caused by logic in Roundcube’s rcube_washtml.php. Affected versions are Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4. Successful exploitation could allow ...

6.1CVSS5.7AI score0.73445EPSS
In wildExploits2References16Affected Software1
CVE
CVE
added 1976/01/01 12:0 a.m.70 views

CVE-2023-46267

CVE-2023-46267 is rejected/not used and does not represent an active vulnerability entry.

5.5AI score
Exploits1
Rows per page
Query Builder