Vulnerabilities affecting this package (0)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

Vulnerabilities fixed by this package (7)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3rza-7fvy-guce | Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler | CVE-2026-35537, GHSA-rxj3-rrwm-pj4r |
| VCID-am6h-k37a-j3au | Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group. | CVE-2013-5646 |
| VCID-cqkb-9pzc-skf1 | Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject. | CVE-2012-3507 |
| VCID-eewu-36xn-myf9 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641. | CVE-2024-37385 |
| VCID-jkut-q94f-sbd5 | roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | CVE-2005-4368 |
| VCID-p1fk-9wdh-83ae | Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the (1) config, (2) temp, or (3) logs directory. | CVE-2015-5383 |
| VCID-q7hf-9w59-n3an | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link. | CVE-2012-6121 |