Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12641 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2022-04-29 | 7.5 HIGH | 9.8 CRITICAL |
| rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | |||||
| CVE-2021-44026 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2021-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | |||||
| CVE-2020-12640 | 1 Roundcube | 1 Webmail | 2020-09-24 | 7.5 HIGH | 9.8 CRITICAL |
| Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | |||||