9 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-47272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2024:0257-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0257-1 advisory. Update to 1.6.7 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerabilities: F...
openSUSE Security Advisory (openSUSE-SU-2024:0257-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : Roundcube vulnerabilities (USN-6848-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6848-1 advisory. Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote...
Ubuntu: Security Advisory (USN-6848-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian dla-3683 : roundcube - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3683 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3683-1 [email protected] https://www.debian.org/lts/security/...
[SECURITY] [DSA 5572-1] roundcube security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5572-1 [email protected] https://www.debian.org/security/ Sebastien Delafond December 04, 2023 https://www.debian.org/security/faq -...
Debian DSA-5572-1 : roundcube - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5572 advisory. Rene Rehme discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly set headers when handling attachments. This would all...
CVE-2023-47272
CVE-2023-47272 affects Roundcube Webmail (1.5.x before 1.5.6 and 1.6.x before 1.6.5). The underlying issue is improper handling of header values (Content-Type/Content-Disposition) when processing attachments, enabling a cross-site scripting (XSS) vulnerability via attachment preview or download. ...