It was discovered that Roundcube Webmail did not properly sanitize certain HTML elements within the e-mail body. An attacker could possibly use this issue to cause a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-4068, CVE-2016-4069) It was discovered that Roundcube Webmail did not properly handle certain configuration parameters. An attacker could possibly use this issue to execute arbitrary code. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2016-9920) It was discovered that Roundcube Webmail did not properly sanitize CSS styles within SVG documents. An attacker could possibly use this issue to cause a cross-site scripting attack. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2017-6820) It was discovered that Roundcube Webmail did not properly restrict exec call in certain drivers of the password plugin. An authenticated user could possibly use this issue to perform arbitrary password resets. This issue was only addressed in Ubuntu 16.04 LTS. (CVE-2017-8114) It was discovered that Roundcube Webmail did not properly set file permissions within the Enigma plugin. An attacker could possibly use this issue to exfiltrate GPG private keys via network connectivity. (CVE-2018-1000071) It was discovered that Roundcube Webmail did not properly handle GnuPG MDC integrity-protection warnings. An attacker could possibly use this issue to obtain sensitive information from encrypted communications. (CVE-2018-19205) It was discovered that Roundcube Webmail did not properly sanitize and
Continue reading...
Continue reading...
