[SECURITY] [DLA 4604-1] roundcube security update

Debian LTS Advisory DLA-4604-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 28, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u9 CVE ID : CVE-2026-48842 CVE-2026-48843 CVE-2026-48844 CVE-2026-48845 CVE-2026-48846...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Roundcube Webmail vulnerabilities (USN-8223-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8223-1 advisory. It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibl...

USN-8223-1: Roundcube Webmail vulnerabilities

It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibly use this issue to cause a homograph attack. CVE-2019-15237 It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...

USN-8223-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibly use this issue to cause a homograph attack. CVE-2019-15237 It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...

Security update for roundcubemail (important)

openSUSE security update: security update for roundcubemail ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20586-1 Rating: important References: bsc1261157 bsc1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Leap 16.0...

Security update for roundcubemail (important)

openSUSE Security Update: Security update for roundcubemail Announcement ID: openSUSE-SU-2026:0141-1 Rating: important References: 1261157 1261488 Cross-References: CVE-2026-35537 Affected Products: openSUSE Backports SLE-15-SP7 An update that solves one vulnerability and has one errata is now...

OPENSUSE-SU-2026:20586-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.15 This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to some regressions introduced in the previous release as well a recently reported security...

PT-2026-27792

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches Cisco Catalyst ESS9300 Embedded Series Switches Cisco Catalyst IE9310 and IE9320 Rugged Series Switches Cisco IE3500 and IE3505 Rugged Series Switches Description A flaw exists in t...

FreeBSD : Roundcube -- Multiple vulnerabilities (c5b93cb5-2363-11f1-81da-8447094a420f)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c5b93cb5-2363-11f1-81da-8447094a420f advisory. The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcac...

Security update for roundcubemail (important)

openSUSE security update: security update for roundcubemail ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20323-1 Rating: important References: bsc1255306 bsc1255308 bsc1257909 bsc1258052 Cross-References: CVE-2025-68460 CVE-2025-68461...

Fedora 42 : roundcubemail (2026-d684b372f1)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-d684b372f1 advisory. Release 1.6.13 - Managesieve: Fix handling of string-list format values for date tests in Out of Office 10075 - Fix remote image blocking bypass via SVG...

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

CVE-2025-54549 Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO

Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO...

Linux Distros Unpatched Vulnerability : CVE-2023-32683

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a Matrix protocol homeserver written in Python with the Twisted framework. A discovered oEmbed or image URL can bypass the urlpreviewurlblacklist...

Qualcomm 多款产品授权问题漏洞

The Qualcomm Qca chip and others are products of Qualcomm Incorporated.The Qualcomm Qca chip is a Bluetooth module chip.The Qualcomm Sd chip is a processor.The Qualcomm Wcd chip is an Aqstic™ audio codec.The Qualcomm Wcd chip is an Aqstic™ audio codec.The Qualcomm Wcd chip is an Aqstic™ audio...

OPENSUSE-SU-2016:1982-1 Security update for Chromium

Chromium was updated to 52.0.2743.116 to fix the following security issues: boo992305 - CVE-2016-5141: Address bar spoofing boo992314 - CVE-2016-5142: Use-after-free in Blink boo992313 - CVE-2016-5139: Heap overflow in pdfium boo992311 - CVE-2016-5140: Heap overflow in pdfium boo992310 -...