Debian Roundcube vulnerabilities

85 known vulnerabilities affecting debian/roundcube.

Total CVEs
85
CISA KEV
11
actively exploited
Public exploits
10
Exploited in wild
9
Severity breakdown
CRITICAL4HIGH14MEDIUM46LOW21

Vulnerabilities

Page 5 of 5
CVE-2009-0413LOWCVSS 4.3fixed in roundcube 0.2~stable-1 (bookworm)2009
CVE-2009-0413 [MEDIUM] CVE-2009-0413: roundcube - Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.... Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web script or HTML via the background attribute embedded in an HTML e-mail message. Scope: local bookworm: resolved (fixed in 0.2~stable-1) bullseye: resolved (fixed in 0.2~stable-1) forky: resolved (fixed in 0.2~stable-1) sid: resol
debian
CVE-2008-5619HIGHCVSS 10.0PoCfixed in roundcube 0.1.1-9 (bookworm)2008
CVE-2008-5619 [CRITICAL] CVE-2008-5619: roundcube - html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5... html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch. Scope: local bookworm: resolved (fixed in 0.1.1-
debian
CVE-2008-5620LOWCVSS 7.8fixed in roundcube 0.1.1-10 (bookworm)2008
CVE-2008-5620 [HIGH] CVE-2008-5620: roundcube - RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cau... RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted size parameters that are used to create a large quota image. Scope: local bookworm: resolved (fixed in 0.1.1-10) bullseye: resolved (fixed in 0.1.1-10) forky: resolved (fixed in 0.1.1-10) sid: resolved (fixed in 0.1.1-10) trixie: re
debian
CVE-2007-6321LOWCVSS 4.3PoCfixed in roundcube 0.1~rc2-6 (bookworm)2007
CVE-2007-6321 [MEDIUM] CVE-2007-6321: roundcube - Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09... Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands. Scope: local bookworm: resolved (fixed in 0.1~rc2-6) bullseye: resolved (fixed in 0.1~rc2-6) forky: resolved (fixed in 0
debian
CVE-2005-4368LOWCVSS 5.02005
CVE-2005-4368 [MEDIUM] CVE-2005-4368: roundcube - roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debu... roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved
debian
← Previous5 / 5