Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/roundcube@1.3.10%2Bdfsg.1-1?distro=trixie
Typedeb
Namespacedebian
Nameroundcube
Version1.3.10+dfsg.1-1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.4.4+dfsg.1-1
Latest_non_vulnerable_version1.6.15+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-j29t-cw2h-mfd8
vulnerability_id VCID-j29t-cw2h-mfd8
summary roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000071
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52412
published_at 2026-04-01T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.52458
published_at 2026-04-02T12:55:00Z
2
value 0.00291
scoring_system epss
scoring_elements 0.52485
published_at 2026-04-04T12:55:00Z
3
value 0.00291
scoring_system epss
scoring_elements 0.52452
published_at 2026-04-07T12:55:00Z
4
value 0.00291
scoring_system epss
scoring_elements 0.52504
published_at 2026-04-08T12:55:00Z
5
value 0.00291
scoring_system epss
scoring_elements 0.52498
published_at 2026-04-09T12:55:00Z
6
value 0.00291
scoring_system epss
scoring_elements 0.52549
published_at 2026-04-11T12:55:00Z
7
value 0.00291
scoring_system epss
scoring_elements 0.52532
published_at 2026-04-12T12:55:00Z
8
value 0.00291
scoring_system epss
scoring_elements 0.52516
published_at 2026-04-13T12:55:00Z
9
value 0.00291
scoring_system epss
scoring_elements 0.52556
published_at 2026-04-16T12:55:00Z
10
value 0.00291
scoring_system epss
scoring_elements 0.52561
published_at 2026-04-18T12:55:00Z
11
value 0.00291
scoring_system epss
scoring_elements 0.52545
published_at 2026-04-21T12:55:00Z
12
value 0.00291
scoring_system epss
scoring_elements 0.52493
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000071
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000071
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014
reference_id 897014
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897014
3
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.10%2Bdfsg.1-1?distro=trixie
purl pkg:deb/debian/roundcube@1.3.10%2Bdfsg.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.10%252Bdfsg.1-1%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2018-1000071
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j29t-cw2h-mfd8
1
url VCID-ur1a-7tdn-h3hu
vulnerability_id VCID-ur1a-7tdn-h3hu
summary In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10740
reference_id
reference_type
scores
0
value 0.00174
scoring_system epss
scoring_elements 0.38532
published_at 2026-04-24T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.38688
published_at 2026-04-21T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.38656
published_at 2026-04-01T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.38785
published_at 2026-04-08T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38806
published_at 2026-04-04T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38735
published_at 2026-04-07T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38796
published_at 2026-04-09T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.38808
published_at 2026-04-11T12:55:00Z
8
value 0.00174
scoring_system epss
scoring_elements 0.38772
published_at 2026-04-12T12:55:00Z
9
value 0.00174
scoring_system epss
scoring_elements 0.38744
published_at 2026-04-13T12:55:00Z
10
value 0.00174
scoring_system epss
scoring_elements 0.3879
published_at 2026-04-16T12:55:00Z
11
value 0.00174
scoring_system epss
scoring_elements 0.38768
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10740
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10740
3
reference_url https://github.com/roundcube/roundcubemail/issues/6638
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/issues/6638
4
reference_url https://github.com/roundcube/roundcubemail/releases/tag/1.3.10
reference_id
reference_type
scores
url https://github.com/roundcube/roundcubemail/releases/tag/1.3.10
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TFFMSO5WKEYSGMTZPZFF4ZADUJ57PRN5/
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713
reference_id 927713
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=927713
7
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_id cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
8
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
reference_id cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10740
reference_id CVE-2019-10740
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://nvd.nist.gov/vuln/detail/CVE-2019-10740
14
reference_url https://usn.ubuntu.com/8132-1/
reference_id USN-8132-1
reference_type
scores
url https://usn.ubuntu.com/8132-1/
fixed_packages
0
url pkg:deb/debian/roundcube@1.3.10%2Bdfsg.1-1?distro=trixie
purl pkg:deb/debian/roundcube@1.3.10%2Bdfsg.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.10%252Bdfsg.1-1%3Fdistro=trixie
1
url pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/roundcube@1.4.15%2Bdfsg.1-1%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rdb5-bbvn-7fcq
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.4.15%252Bdfsg.1-1%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
purl pkg:deb/debian/roundcube@1.6.5%2Bdfsg-1%2Bdeb12u6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.5%252Bdfsg-1%252Bdeb12u6%3Fdistro=trixie
3
url pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.13%2Bdfsg-0%2Bdeb13u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.13%252Bdfsg-0%252Bdeb13u1%3Fdistro=trixie
4
url pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/roundcube@1.6.15%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.6.15%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2019-10740
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ur1a-7tdn-h3hu
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/roundcube@1.3.10%252Bdfsg.1-1%3Fdistro=trixie