openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2022:10148-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10148-1 advisory. - In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a...

FreeBSD : roundcube-thunderbird_labels -- RCE with custom label titles (127674c6-4a27-11ed-9f93-002b67dfc673)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 127674c6-4a27-11ed-9f93-002b67dfc673 advisory. - The Roundcube project reports: Remote code execution vulnerability in roundcube- thunderbirdlabels wh...

roundcube-thunderbird_labels -- RCE with custom label titles

The Roundcube project reports: Description: Remote code execution vulnerability in roundcube-thunderbirdlabels when tblabelmodifylabels is enabled. Workaround: If you cannot upgrade to roundcube-thunderbirdlabels-1.4.13 disable the tblabelmodifylabels config option...

Roundcube Webmail func.inc Cross-site Scripting (CVE-2018-19206)

A cross-site scripting vulnerability exists in Roundcube Webmail. The vulnerability is due to improper handling of a tag within HTML attachments. A remote attacker can exploit this vulnerability by enticing a user to open an attachment...

The vulnerability of the Roundcube webmail client, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Roundcube email client relates to the lack of measures taken to protect the website structure during the processing of CSS style sheets. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted email...

USN-5182-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...

CVE-2020-13965

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is among the allowed types for a preview...

CVE-2020-18670

Cross Site Scripting XSS vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php...

PHPMailer susceptible to arbitrary code execution

html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the pregreplace function with t...

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...

Design/Logic Flaw

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys found in a Roundcube configuration file that are used to protect Webmail user passwords and two-factor authentication 2FA...

CVE-2022-28218

CipherMail Webmail Messenger versions 1.1.1–4.1.4 are affected by a local-attack vulnerability where secret keys stored in the Roundcube configuration file, used to protect Webmail user passwords and 2FA, can be accessed by an attacker with local access. This exposes confidentiality of credential...

CipherMail Webmail Messenger 安全漏洞

Ciphermail CipherMail Webmail Messenger is a Webmail add-on for the CipherMail cryptographic gateway from the Dutch company Ciphermail. A security vulnerability in CipherMail Webmail Messenger 1.1.1 through 4.1.4 allows a local attacker to access the key found in the Roundcube configuration file...

PT-2024-2991

The software that is vulnerable is the GNU C Library glibc versions 2.39 and older, specifically the iconv function when converting strings to the ISO-2022-CN-EXT character set. This vulnerability can be exploited through PHP-based web applications. The vulnerability is a buffer overflow in the...

MGASA-2022-0039 Updated roundcubemail packages fix security vulnerability

XSS in handling an attachment's filename extension when displaying a MIME type warning message CVE-2021-44025. Potential SQL injection via search or searchparams CVE-2021-44026...

Debian: Security Advisory (DLA-2878-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 2878-1] roundcube security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2878-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin January 12, 2022 https://wiki.debian.org/LTS -...

[SECURITY] Fedora 35 Update: roundcubemail-1.5.2-1.fc35

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...