Vulmon
roundcube webmail vulnerabilities and exploits
668
VMScore
CVE-2021-44026
Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to a potential SQL injection via search or search_params.
Roundcube Webmail
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
1 Github repository
1 Article
383
VMScore
CVE-2021-44025
Roundcube prior to 1.3.17 and 1.4.x prior to 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message.
Roundcube Webmail
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2023-47272
Roundcube 1.5.x prior to 1.5.6 and 1.6.x prior to 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).
Roundcube Webmail
Fedoraproject Fedora 37
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Debian Debian Linux 12.0
383
VMScore
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
383
VMScore
CVE-2021-46144
Roundcube prior to 1.4.13 and 1.5.x prior to 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.
Roundcube Roundcube
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
187
VMScore
CVE-2022-28218
An issue exists in CipherMail Webmail Messenger 1.1.1 up to and including 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA).
Ciphermail Webmail Messenger
NA
CVE-2024-37383
Roundcube Webmail prior to 1.5.7 and 1.6.x prior to 1.6.7 allows XSS via SVG animate attributes.
NA
CVE-2024-37384
Roundcube Webmail prior to 1.5.7 and 1.6.x prior to 1.6.7 allows XSS via list columns from user preferences.
NA
CVE-2024-37385
Roundcube Webmail prior to 1.5.7 and 1.6.x prior to 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
356
VMScore
CVE-2019-12938
The Roundcube component of Analogic Poste.io 2.1.6 uses .htaccess to protect the logs/ folder, which is effective with the Apache HTTP Server but is ineffective with nginx. Attackers can read logs via the webmail/logs/sendmail URI.
Analogic Poste.io 2.1.6