Patch now! Roundcube mail servers are being actively exploited
The Cybersecurity & Infrastructure Security Agency (CISA) has added a vulnerability in Roundcube Webmail to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by...
Alert: CISA Warns of Active 'Roundcube' Email Attacks - Patch Now
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Roundcube email software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The issue, tracked as CVE-2023-43770 (CVSS score: 6.1),...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-43770 Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability. These types of vulnerabilities are frequent attack vectors for maliciou...
VulnCheck KEV: CVE-2023-43770
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages...
Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability
Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages...
Debian: Security Advisory (DLA-3683-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian dla-3683 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3683 advisory. Debian LTS Advisory DLA-3683-1 [email protected] https://www.debian.org/lts/security/...
DLA-3683-1 roundcube - security update
Bulletin has no description...
[SECURITY] [DLA 3683-1] roundcube security update
Debian LTS Advisory DLA-3683-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin December 05, 2023 https://wiki.debian.org/LTS Package : roundcube Version : 1.3.17+dfsg.1-1deb10u5 CVE ID : CVE-2023-47272 Debian Bug : 1055421 Rene Rehme discovered a cross-site scripti...
[SECURITY] [DSA 5572-1] roundcube security update
Debian Security Advisory DSA-5572-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 04, 2023 https://www.debian.org/security/faq...
Debian: Security Advisory (DSA-5572-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian DSA-5572-1 : roundcube - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5572 advisory. Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would all...
DSA-5572-1 roundcube - security update
Bulletin has no description...
The vulnerability of the RoundCube email client, related to improper input validation during the creation of web pages, allows attackers to perform cross-site scripting attacks.
The vulnerability of the RoundCube email client is related to improper input validation during the creation of web pages. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks remotely...
ROS-20231116-01
A vulnerability in the RoundCube email client is related to improper input neutralization during the creation of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a cross-site scripting attack...
[SECURITY] Fedora 39 Update: roundcubemail-1.6.5-1.fc39
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Exploit for SQL Injection in Roundcube Webmail
Roundcube CVE-2021-44026, a SQL injection This repository con...
Fedora 38 : roundcubemail (2023-0fd9865145)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0fd9865145 advisory. Release 1.6.5 - Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE 9171 - Fix duplicated Inbox folder on IMAP servers that do not use Inbox...
Fedora 39 : roundcubemail (2023-cf584ed77a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cf584ed77a advisory. Release 1.6.5 - Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE 9171 - Fix duplicated Inbox folder on IMAP servers that do not use Inbox...
The vulnerability of the im_convert_path and im_identify_path functions in the rcube_image.php file of the RoundCube Webmail client allows a hacker to execute arbitrary code.
The vulnerability of the im_convert_path and im_identify_path functions in the RoundCube Webmail client's rcube_image.php file exists because no measures have been taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...