CVSS: 9.8EPSS: 80%CPEs: 7EXPL: 2CVE-2020-12641 – Roundcube Webmail Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-12641
04 May 2020 — rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. El archivo rcube_image.php en Roundcube Webmail versiones anteriores a la versión 1.4.4, permite a atacantes ejecutar código arbitrario por medio de metacaracteres de shell en un ajuste de configuración para im_convert_path o im_identify_path. Roundcube Webmail contains an remote code execution vulnerability that allows atta... • https://github.com/mbadanoiu/CVE-2020-12641 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.1EPSS: 4%CPEs: 7EXPL: 2CVE-2020-12625 – Debian Security Advisory 4674-1
https://notcve.org/view.php?id=CVE-2020-12625
04 May 2020 — An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. Se detectó un problema en Roundcube Webmail versiones anteriores a 1.4.4. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo rcube_washtml.php porque el código JavaScript puede aparecer en el CDATA de un mensaje HTML. It was discovered that roundcube, a skinnable AJAX based webmail s... • https://github.com/mbadanoiu/CVE-2020-12625 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 3EXPL: 1CVE-2020-12626 – Debian Security Advisory 4674-1
https://notcve.org/view.php?id=CVE-2020-12626
04 May 2020 — An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. Se detectó un problema en Roundcube Webmail versiones anteriores a 1.4.4. Un ataque de tipo CSRF puede causar que un usuario autenticado cierre sesión porque POST no se consideró. It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. • https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15237
https://notcve.org/view.php?id=CVE-2019-15237
20 Aug 2019 — Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, leading to homograph attacks. Roundcube Webmail versiones hasta 1.3.9, maneja inapropiadamente los nombres de dominio Punycode xn--, conllevando a ataques homográficos. • https://github.com/roundcube/roundcubemail/issues/6891 •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10740
https://notcve.org/view.php?id=CVE-2019-10740
07 Apr 2019 — In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. En Roundcube Webmail en versiones... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00083.html • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19205
https://notcve.org/view.php?id=CVE-2018-19205
12 Nov 2018 — Roundcube before 1.3.7 mishandles GnuPG MDC integrity-protection warnings, which makes it easier for attackers to obtain sensitive information, a related issue to CVE-2017-17688. This is associated with plugins/enigma/lib/enigma_driver_gnupg.php. Roundcube en versiones anteriores a la 1.3.7 gestiona de manera incorrecta las advertencias de integridad/protección GnuPG MDC, lo que facilita que los atacantes obtengan información sensible. Esto está relacionado con CVE-2017-17688. Esto está asociado con plugins... • https://github.com/roundcube/roundcubemail/releases/tag/1.3.7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 2%CPEs: 2EXPL: 0CVE-2018-19206 – Debian Security Advisory 4344-1
https://notcve.org/view.php?id=CVE-2018-19206
12 Nov 2018 — steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of <svg><style>, as demonstrated by an onload attribute in a BODY element, within an HTML attachment. steps/mail/func.inc en Roundcube en versiones anteriores a la 1.3.8 tiene Cross-Site Scripting (XSS) mediante el uso manipulado de Aidan Marlin discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to a cross-site scripting vulnerability in handling invalid style tag content. • https://github.com/roundcube/roundcubemail/releases/tag/1.3.8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 1%CPEs: 12EXPL: 1CVE-2017-17688
https://notcve.org/view.php?id=CVE-2017-17688
16 May 2018 — The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification ** EN DISPUTA ** La especificación OpenPGP permite un ataque malleability-gadget Cipher Feedback Mode (CFB) que puede conducir indirectamente a la exfiltra... • http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9846 – Debian Security Advisory 4181-1
https://notcve.org/view.php?id=CVE-2018-9846
07 Apr 2018 — In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. En Roundcube, de las versiones 1.2.0 a 1.3.5, con el plugin arc... • https://github.com/roundcube/roundcubemail/issues/6229 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000071
https://notcve.org/view.php?id=CVE-2018-1000071
13 Mar 2018 — roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. This attack appear to be exploitable via network connectivity. roundcube, en versiones 1.3.4 y anteriores, contiene una vulnerabilidad de permisos inseguros en el plugin enigma que puede resultar en la exfiltración de la clave privada gpgp. Este ataque parece ser explotable mediante conectividad de red. • https://github.com/roundcube/roundcubemail/issues/6173 • CWE-732: Incorrect Permission Assignment for Critical Resource •