18 matches found
EUVD-2018-1824
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-19205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue ...
Linux Distros Unpatched Vulnerability : CVE-2018-1000071
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This...
SUSE CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...
Fedora 28 : roundcubemail (2018-c279b3696f)
Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...
DEBIAN-CVE-2018-19205
Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigmadrivergnupg.php...
PT-2018-14861
Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.3.7 Description The issue makes it easier for attackers to obtain sensitive information by mishandling GnuPG MDC integrity-protection warnings. This is related to the handling of encryption and decryption processe...
Information Disclosure
imscp/roundcube is vulnerable to information disclosures. The enigma plugin has insecure permissions, allowing a malicious user who has access to the web server to gain access to the gpg private key...
Fedora 26 : roundcubemail (2018-f6dc921a19)
Upstream announcement : Version 1.3.6 This is a security update to the stable version 1.3. It primarily fixes a recently discovered IMAP command injection vulnerability caused by insufficient input validation within the archive plugin. Details about the vulnerability are published under...
Roundcube Information Disclosure Vulnerability
roundCube is a browser-based IMAP client that supports address book management, message searching, spell checking, etc. The enigma plugin is one of the encryption components. A security vulnerability exists in the enigma plugin in roundcube 1.3.4 and earlier versions. An attacker can exploit this...
Design/Logic Flaw
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...
CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...
CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...
CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...
UBUNTU-CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...
CVE-2018-1000071
Roundcube Webmail
CVE-2018-1000071
roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity...
PT-2018-9257
Name of the Vulnerable Software and Affected Versions: roundcube versions 1.3.4 and earlier Description: The issue concerns a problem with insecure permissions in the enigma plugin, which can lead to the exfiltration of the gpg private key. This can be exploited through network connectivity...