from 0, < 1.6.5+dfsg-1+deb12u5
from 0, < 1.4.15+dfsg.1-1+deb11u5
CRITICAL9.9⚠ KEVroundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u5
CRITICAL9.8⚠ KEVRoundcube Webmail SQL Injection Vulnerability
from 0, < 1.4.12+dfsg.1-1~deb11u1
CRITICAL9.8⚠ KEVRoundcube Webmail Remote Code Execution Vulnerability
from 0, < 1.4.4+dfsg.1-1
CRITICAL9.3⚠ KEVRoundCube Webmail Cross-Site Scripting Vulnerability
from 0, < 1.4.15+dfsg.1-1+deb11u4
HIGH7.8⚠ KEVroundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u1
HIGH7.8⚠ KEVroundcube - security update
from 0, < 0.7.2-9+deb7u9
HIGH7.8⚠ KEVroundcube - security update
from 0, < 1.3.3+dfsg.1-1
MEDIUM6.1⚠ KEVRoundCube Webmail Cross-site Scripting Vulnerability
from 0, < 1.4.15+dfsg.1-1+deb11u6
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.3.17+dfsg.1-1~deb10u6
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u3
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u3
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.3.17+dfsg.1-1~deb10u3
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.4.14+dfsg.1-1~deb11u1
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.4.10+dfsg.1-1
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u8
MEDIUM6.1⚠ KEVroundcube - security update
from 0, < 1.3.16+dfsg.1-1~deb10u1
MEDIUM6.1⚠ KEVRoundcube Webmail Cross-Site Scripting (XSS) Vulnerability
from 0, < 1.4.5+dfsg.1-1
MEDIUM5.4⚠ KEVroundcube - security update
from 0, < 1.4.15+dfsg.1-1~deb11u1
MEDIUM5.4⚠ KEVroundcube - security update
from 0, < 1.3.17+dfsg.1-1~deb10u4
MEDIUM5.4⚠ KEVroundcube - security update
from 0, < 1.4.15+dfsg.1-1~deb11u1
CRITICAL9.8Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_p…
from 0, < 1.4.4+dfsg.1-1
CRITICAL9.3roundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u4
CRITICAL9.3roundcube - security update
from 0, < 1.6.5+dfsg-1+deb12u3
CRITICAL9.3roundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u4
HIGH8.8roundcube - security update
from 0, < 1.3.6+dfsg.1-1
HIGH8.8roundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u2
HIGH8.8roundcube - security update
from 0, < 0.7.2-9+deb7u7
HIGH8.8roundcube - security update
from 0, < 1.2.3+dfsg.1-4
HIGH8.8Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified…
from 0, < 1.1.1+dfsg.1-2
HIGH8.8The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metachar…
from 0, < 1.1.1+dfsg.1-2
HIGH8.8Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of u…
from 0, < 1.1.5+dfsg.1-1
HIGH8.1Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_r…
from 0
HIGH7.5Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could le…
from 0
HIGH7.5roundcube - security update
from 0, < 1.6.5+dfsg-1+deb12u6
HIGH7.5roundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u6
HIGH7.5roundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u6
HIGH7.5mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in re…
from 0, < 1.4.15+dfsg.1-1+deb11u4
HIGH7.5Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive informat…
from 0, < 1.3.8+dfsg.1-1
HIGH7.5roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg…
from 0, < 1.3.10+dfsg.1-1
HIGH7.5roundcube - security update
from 0, < 0.7.2-9+deb7u5
HIGH7.5roundcube - security update
from 0, < 1.2.3+dfsg.1-1
HIGH7.5roundcube - security update
from 0, < 1.1.4+dfsg.1-1
HIGH7.5roundcube - security update
from 0, < 0.7.2-9+deb7u2
HIGH7.5roundcube - security update
from 0, < 0.3.1-6+deb6u1
HIGH7.4Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks.
from 0
HIGH7.2Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CS…
from 0
HIGH7.2Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML…
from 0
MEDIUM6.5In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var()…
from 0
MEDIUM6.5In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to loc…
from 0
MEDIUM6.5An issue was discovered in Roundcube Webmail before 1.4.4.
from 0, < 1.4.4+dfsg.1-1
MEDIUM6.5program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbi…
from 0, < 1.1.2+dfsg.1-1
MEDIUM6.5Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote…
from 0, < 1.1.2+dfsg.1-1
MEDIUM6.1Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode
from 0, < 1.4.15+dfsg.1-1+deb11u8
MEDIUM6.1Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an emai…
from 0
MEDIUM6.1Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.
from 0, < 1.4.15+dfsg.1-1+deb11u3
MEDIUM6.1roundcube - security update
from 0, < 1.3.17+dfsg.1-1~deb10u5
MEDIUM6.1roundcube - security update
from 0, < 1.4.15+dfsg.1-1~deb11u2
MEDIUM6.1roundcube - security update
from 0, < 1.4.15+dfsg.1-1~deb11u2
MEDIUM6.1roundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u10
MEDIUM6.1roundcube - security update
from 0, < 1.3.17+dfsg.1-1~deb10u2
MEDIUM6.1roundcube - security update
from 0, < 1.4.13+dfsg.1-1~deb11u1
MEDIUM6.1roundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u9
MEDIUM6.1roundcube - security update
from 0, < 1.4.12+dfsg.1-1~deb11u1
MEDIUM6.1roundcube - security update
from 0, < 1.3.17+dfsg.1-1~deb10u1
MEDIUM6.1roundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u7
MEDIUM6.1roundcube - security update
from 0, < 1.4.8+dfsg.1-1
MEDIUM6.1roundcube - security update
from 0, < 1.3.15+dfsg.1-1~deb10u1
MEDIUM6.1roundcube - security update
from 0, < 1.4.7+dfsg.1-1
MEDIUM6.1roundcube - security update
from 0, < 1.3.14+dfsg.1-1~deb10u1
MEDIUM6.1roundcube - security update
from 0, < 1.4.5+dfsg.1-1
MEDIUM6.1roundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u5
MEDIUM6.1roundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u4
MEDIUM6.1roundcube - security update
from 0, < 1.4.4+dfsg.1-1
MEDIUM6.1roundcube - security update
from 0, < 1.3.8+dfsg.1-1
MEDIUM6.1roundcube - security update
from 0, < 1.2.3+dfsg.1-4+deb9u3
MEDIUM6.1Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to i…
from 0, < 1.1.2+dfsg.1-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitra…
from 0, < 1.2.1+dfsg.1-1
MEDIUM6.1roundcube - security update
from 0, < 1.1.5+dfsg.1-1
MEDIUM6.1roundcube - security update
from 0, < 0.7.2-9+deb7u3
MEDIUM6.1roundcube - security update
from 0, < 1.2.3+dfsg.1-3
MEDIUM6.1roundcube - security update
from 0, < 0.7.2-9+deb7u6
MEDIUM6.1Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML v…
from 0, < 1.2.0+dfsg.1-1
MEDIUM6.1Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attac…
from 0, < 1.1.2+dfsg.1-1
MEDIUM5.4Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
from 0, < 1.4.15+dfsg.1-1+deb11u8
MEDIUM5.4Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php.
from 0, < 1.4.5+dfsg.1-1
MEDIUM5.4Cross Site Scripting (XSS) vulneraibility in Roundcube mail .4.4 via database host and user in /installer/test.php.
from 0, < 1.4.5+dfsg.1-1
MEDIUM5.4Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
from 0, < 1.4.11+dfsg.1-1
MEDIUM5.3Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
from 0, < 1.4.15+dfsg.1-1+deb11u8
MEDIUM5.3Roundcube: Bypass of remote image blocking via crafted BODY background attribute
from 0, < 1.4.15+dfsg.1-1+deb11u8
MEDIUM5.3Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message
from 0, < 1.4.15+dfsg.1-1+deb11u8
MEDIUM5.3Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message
from 0, < 1.4.15+dfsg.1-1+deb11u8
MEDIUM4.7Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
from 0, < 1.4.15+dfsg.1-1+deb11u7
MEDIUM4.4In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to sto…
from 0
MEDIUM4.3roundcube - security update
from 0, < 1.6.5+dfsg-1+deb12u7
MEDIUM4.3roundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u7
MEDIUM4.3roundcube - security update
from 0, < 1.4.15+dfsg.1-1+deb11u7
MEDIUM4.3In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted…
from 0, < 1.3.10+dfsg.1-1
MEDIUM4.2Roundcube Webmail: Incorrect password comparison in the password plugin
from 0, < 1.4.15+dfsg.1-1+deb11u8