Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 71 results


CVE-2024-42010

Medium priority
Needs evaluation

mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-42009

Medium priority
Needs evaluation

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue...

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-42008

Medium priority
Needs evaluation

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a...

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38357

Medium priority
Needs evaluation

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed...

2 affected packages

roundcube, tinymce

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tinymce Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-38356

Medium priority
Needs evaluation

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing...

2 affected packages

roundcube, tinymce

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tinymce Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-37385

Medium priority
Not affected

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-37384

Medium priority
Fixed

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-37383

Medium priority
Fixed

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Fixed Fixed Fixed Not affected
Show less packages

CVE-2023-47272

Medium priority

Some fixes available 3 of 4

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Fixed Fixed Not affected Not affected
Show less packages

CVE-2023-5631

High priority

Some fixes available 4 of 5

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote...

1 affected packages

roundcube

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
roundcube Not affected Fixed Fixed Fixed Not affected
Show less packages