pkg:Debian/roundcube
125 CVEs in total: CRITICAL 10, HIGH 26, MEDIUM 64, LOW 3
All known vulnerabilities
- from 0, < 1.6.5+dfsg-1+deb12u5
- from 0, < 1.4.15+dfsg.1-1+deb11u5
- from 0, < 1.4.15+dfsg.1-1+deb11u5
- from 0, < 1.4.12+dfsg.1-1~deb11u1
- from 0, < 1.4.4+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1+deb11u4
- from 0, < 1.2.3+dfsg.1-4+deb9u1
- from 0, < 0.7.2-9+deb7u9
- from 0, < 1.3.3+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1+deb11u6
- from 0, < 1.3.17+dfsg.1-1~deb10u6
- from 0, < 1.4.15+dfsg.1-1+deb11u3
- from 0, < 1.4.15+dfsg.1-1+deb11u3
- from 0, < 1.3.17+dfsg.1-1~deb10u3
- from 0, < 1.4.14+dfsg.1-1~deb11u1
- from 0, < 1.4.10+dfsg.1-1
- from 0, < 1.2.3+dfsg.1-4+deb9u8
- from 0, < 1.3.16+dfsg.1-1~deb10u1
- from 0, < 1.4.5+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1~deb11u1
- from 0, < 1.3.17+dfsg.1-1~deb10u4
- from 0, < 1.4.15+dfsg.1-1~deb11u1
- CRITICAL 9.8 | CVE-2020-12640 | Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_p… | from 0, < 1.4.4+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1+deb11u4
- from 0, < 1.6.5+dfsg-1+deb12u3
- from 0, < 1.4.15+dfsg.1-1+deb11u4
- from 0, < 1.3.6+dfsg.1-1
- from 0, < 1.2.3+dfsg.1-4+deb9u2
- from 0, < 0.7.2-9+deb7u7
- from 0, < 1.2.3+dfsg.1-4
- HIGH 8.8 | CVE-2015-2181 | Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified… | from 0, < 1.1.1+dfsg.1-2
- HIGH 8.8 | CVE-2015-2180 | The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metachar… | from 0, < 1.1.1+dfsg.1-2
- HIGH 8.8 | CVE-2016-4069 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail before 1.1.5 allows remote attackers to hijack the authentication of u… | from 0, < 1.1.5+dfsg.1-1
- HIGH 8.1 | CVE-2026-48842 | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_r… | from 0
- HIGH 7.5 | CVE-2026-48844 | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could le… | from 0
- from 0, < 1.6.5+dfsg-1+deb12u6
- from 0, < 1.4.15+dfsg.1-1+deb11u6
- from 0, < 1.4.15+dfsg.1-1+deb11u6
- HIGH 7.5 | CVE-2024-42010 | mod_css_styles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 insufficiently filters Cascading Style Sheets (CSS) token sequences in re… | from 0, < 1.4.15+dfsg.1-1+deb11u4
- HIGH 7.5 | CVE-2018-19205 | Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive informat… | from 0, < 1.3.8+dfsg.1-1
- HIGH 7.5 | CVE-2018-1000071 | roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg… | from 0, < 1.3.10+dfsg.1-1
- from 0, < 0.7.2-9+deb7u5
- from 0, < 1.2.3+dfsg.1-1
- from 0, < 1.1.4+dfsg.1-1
- from 0, < 0.7.2-9+deb7u2
- from 0, < 0.3.1-6+deb6u1
- HIGH 7.4 | CVE-2019-15237 | Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. | from 0
- HIGH 7.2 | CVE-2026-48848 | Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CS… | from 0
- HIGH 7.2 | CVE-2026-48843 | Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML… | from 0
- MEDIUM 6.5 | CVE-2026-48846 | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var()… | from 0
- MEDIUM 6.5 | CVE-2026-48845 | In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to loc… | from 0
- from 0, < 1.4.4+dfsg.1-1
- MEDIUM 6.5 | CVE-2015-5382 | program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbi… | from 0, < 1.1.2+dfsg.1-1
- MEDIUM 6.5 | CVE-2015-8794 | Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote… | from 0, < 1.1.2+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1+deb11u8
- MEDIUM 6.1 | CVE-2024-57004 | Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an emai… | from 0
- MEDIUM 6.1 | CVE-2024-37384 | Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences. | from 0, < 1.4.15+dfsg.1-1+deb11u3
- from 0, < 1.3.17+dfsg.1-1~deb10u5
- from 0, < 1.4.15+dfsg.1-1~deb11u2
- from 0, < 1.4.15+dfsg.1-1~deb11u2
- from 0, < 1.2.3+dfsg.1-4+deb9u10
- from 0, < 1.3.17+dfsg.1-1~deb10u2
- from 0, < 1.4.13+dfsg.1-1~deb11u1
- from 0, < 1.2.3+dfsg.1-4+deb9u9
- from 0, < 1.4.12+dfsg.1-1~deb11u1
- from 0, < 1.3.17+dfsg.1-1~deb10u1
- from 0, < 1.2.3+dfsg.1-4+deb9u7
- from 0, < 1.4.8+dfsg.1-1
- from 0, < 1.3.15+dfsg.1-1~deb10u1
- from 0, < 1.4.7+dfsg.1-1
- from 0, < 1.3.14+dfsg.1-1~deb10u1
- from 0, < 1.4.5+dfsg.1-1
- from 0, < 1.2.3+dfsg.1-4+deb9u5
- from 0, < 1.2.3+dfsg.1-4+deb9u4
- from 0, < 1.4.4+dfsg.1-1
- from 0, < 1.3.8+dfsg.1-1
- from 0, < 1.2.3+dfsg.1-4+deb9u3
- MEDIUM 6.1 | CVE-2015-5381 | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to i… | from 0, < 1.1.2+dfsg.1-1
- MEDIUM 6.1 | CVE-2016-4068 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitra… | from 0, < 1.2.1+dfsg.1-1
- from 0, < 1.1.5+dfsg.1-1
- from 0, < 0.7.2-9+deb7u3
- from 0, < 1.2.3+dfsg.1-3
- from 0, < 0.7.2-9+deb7u6
- MEDIUM 6.1 | CVE-2016-4552 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML v… | from 0, < 1.2.0+dfsg.1-1
- MEDIUM 6.1 | CVE-2015-8793 | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attac… | from 0, < 1.1.2+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1+deb11u8
- MEDIUM 5.4 | CVE-2020-18671 | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | from 0, < 1.4.5+dfsg.1-1
- MEDIUM 5.4 | CVE-2020-18670 | Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. | from 0, < 1.4.5+dfsg.1-1
- MEDIUM 5.4 | CVE-2021-26925 | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | from 0, < 1.4.11+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1+deb11u8
- MEDIUM 5.3 | CVE-2026-35542 | Roundcube: Bypass of remote image blocking via crafted BODY background attribute | from 0, < 1.4.15+dfsg.1-1+deb11u8
- MEDIUM 5.3 | CVE-2026-35545 | Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message | from 0, < 1.4.15+dfsg.1-1+deb11u8
- MEDIUM 5.3 | CVE-2026-35543 | Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message | from 0, < 1.4.15+dfsg.1-1+deb11u8
- MEDIUM 4.7 | CVE-2026-26079 | Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. | from 0, < 1.4.15+dfsg.1-1+deb11u7
- MEDIUM 4.4 | CVE-2026-48849 | In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to sto… | from 0
- from 0, < 1.6.5+dfsg-1+deb12u7
- from 0, < 1.4.15+dfsg.1-1+deb11u7
- from 0, < 1.4.15+dfsg.1-1+deb11u7
- MEDIUM 4.3 | CVE-2019-10740 | In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted… | from 0, < 1.3.10+dfsg.1-1
- from 0, < 1.4.15+dfsg.1-1+deb11u8
- LOW 3.7 | CVE-2026-48847 | Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session… | from 0
- from 0, < 1.6.5+dfsg-1+deb12u8
- from 0, < 1.4.15+dfsg.1-1+deb11u8
- from 0, < 0.1.1-9
- — | CVE-2015-8105 | Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authen… | from 0, < 1.1.3+dfsg.1-1
- — | CVE-2015-1433 | program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct… | from 0, < 0.9.5+dfsg1-4.2
- from 0, < 1.1.1+dfsg.1-2
- from 0, < 0.7.2-9+deb7u4
- — | CVE-2013-1904 | Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote att… | from 0, < 0.7.2-9
- from 0, < 0.7.2-9+deb7u1
- from 0, < 0.9.4-1.1
- — | CVE-2013-5645 | Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitr… | from 0, < 0.9.4-1
- — | CVE-2012-4668 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or H… | from 0, < 0.7.2-4
- — | CVE-2012-3508 | Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary… | from 0, < 0.7.2-4
- — | CVE-2012-1253 | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject… | from 0, < 0.7-1
- — | CVE-2011-4078 | include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET reques… | from 0, < 0.6+dfsg-1
- — | CVE-2011-2937 | Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inje… | from 0, < 0.5.4+dfsg-1
- — | CVE-2011-1492 | steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cas… | from 0, < 0.5.1-1
- — | CVE-2011-1491 | The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which mak… | from 0, < 0.5.1-1
- — | CVE-2010-0464 | Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which… | from 0, < 0.3.1-3
- — | CVE-2009-4077 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication… | from 0, < 0.3-1
- — | CVE-2009-4076 | Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication… | from 0, < 0.3-1
- — | CVE-2009-0413 | Cross-site scripting (XSS) vulnerability in RoundCube Webmail (roundcubemail) 0.2 stable allows remote attackers to inject arbitrary web sc… | from 0, < 0.2~stable-1
- — | CVE-2008-5620 | RoundCube Webmail (roundcubemail) before 0.2-beta allows remote attackers to cause a denial of service (memory consumption) via crafted siz… | from 0, < 0.1.1-10
- — | CVE-2007-6321 | Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allow… | from 0, < 0.1~rc2-6