Matthieu Faou and Denys Klymenko discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-5631)
Rene Rehme discovered that Roundcube incorrectly handled certain headers. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-47272)
Valentin T. and Lutz Wolf discovered that Roundcube incorrectly handled certain SVG images. A remote attacker could possibly use this issue to load arbitrary JavaScript code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2024-37383)
Huy Nguyễn Phạm Nhật discovered that Roundcube incorrectly handled certain fields in user preferences. A remote attacker could possibly use this issue to load arbitrary JavaScript code. (CVE-2024-37384)
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "roundcube", "binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm4" }, { "binary_name": "roundcube-core", "binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm4" }, { "binary_name": "roundcube-mysql", "binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm4" }, { "binary_name": "roundcube-pgsql", "binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm4" }, { "binary_name": "roundcube-plugins", "binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm4" }, { "binary_name": "roundcube-sqlite3", "binary_version": "1.2~beta+dfsg.1-0ubuntu1+esm4" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "roundcube", "binary_version": "1.3.6+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-core", "binary_version": "1.3.6+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-mysql", "binary_version": "1.3.6+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-pgsql", "binary_version": "1.3.6+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-plugins", "binary_version": "1.3.6+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-sqlite3", "binary_version": "1.3.6+dfsg.1-1ubuntu0.1~esm4" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "roundcube", "binary_version": "1.4.3+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-core", "binary_version": "1.4.3+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-mysql", "binary_version": "1.4.3+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-pgsql", "binary_version": "1.4.3+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-plugins", "binary_version": "1.4.3+dfsg.1-1ubuntu0.1~esm4" }, { "binary_name": "roundcube-sqlite3", "binary_version": "1.4.3+dfsg.1-1ubuntu0.1~esm4" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_name": "roundcube", "binary_version": "1.5.0+dfsg.1-2ubuntu0.1~esm3" }, { "binary_name": "roundcube-core", "binary_version": "1.5.0+dfsg.1-2ubuntu0.1~esm3" }, { "binary_name": "roundcube-mysql", "binary_version": "1.5.0+dfsg.1-2ubuntu0.1~esm3" }, { "binary_name": "roundcube-pgsql", "binary_version": "1.5.0+dfsg.1-2ubuntu0.1~esm3" }, { "binary_name": "roundcube-plugins", "binary_version": "1.5.0+dfsg.1-2ubuntu0.1~esm3" }, { "binary_name": "roundcube-sqlite3", "binary_version": "1.5.0+dfsg.1-2ubuntu0.1~esm3" } ] }