Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/roundcube@1.1.2%2Bdfsg.1-1?distro=trixie
purl pkg:deb/debian/roundcube@1.1.2%2Bdfsg.1-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-23v8-vzqs-j3f6 program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. CVE-2015-5382
VCID-76t7-q4pa-gkct Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. CVE-2015-5381
VCID-kf54-x29g-63fb Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the _alt parameter, related to contact photo handling. CVE-2015-8794
VCID-z7fn-ubfx-g3em Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937. CVE-2015-8793

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:21:26.042833+00:00 Debian Importer Fixing VCID-z7fn-ubfx-g3em https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:41:53.589294+00:00 Debian Importer Fixing VCID-76t7-q4pa-gkct https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:59:55.867422+00:00 Debian Importer Fixing VCID-23v8-vzqs-j3f6 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:51:48.290125+00:00 Debian Importer Fixing VCID-kf54-x29g-63fb https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:12:27.250916+00:00 Debian Importer Fixing VCID-z7fn-ubfx-g3em https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:42:16.369017+00:00 Debian Importer Fixing VCID-76t7-q4pa-gkct https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:27:49.724658+00:00 Debian Importer Fixing VCID-23v8-vzqs-j3f6 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:21:26.026532+00:00 Debian Importer Fixing VCID-kf54-x29g-63fb https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:52:07.409341+00:00 Debian Importer Fixing VCID-kf54-x29g-63fb https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:07.368236+00:00 Debian Importer Fixing VCID-z7fn-ubfx-g3em https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:07.199125+00:00 Debian Importer Fixing VCID-23v8-vzqs-j3f6 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:52:07.151186+00:00 Debian Importer Fixing VCID-76t7-q4pa-gkct https://security-tracker.debian.org/tracker/data/json 38.1.0