Latest Vulnerabilities Affecting Roundcube products

The following table presents a summary of the vulnerabilities affecting Roundcube products. As of today, a total of 46 vulnerabilities were reported for this product, the risk distribution is:
  • 2 critical risk vulnerabilities
  • 2 high risk vulnerabilities
  • 37 medium risk vulnerabilities
  • 5 low risk vulnerabilities
The first vulnerability was reported on 2005-12-20, while the last reported vulnerability was reported on 2019-08-20. If you are aware of any missing vulnerabilities for this product, please contact us using the contact form.
Date CVE Title CVSS
2019-08-20 CVE-2019-15237 Input Validation vulnerability in Roundcube Webmail 1.3.9 Medium
2019-04-07 CVE-2019-10740 Insufficient Information vulnerability in Roundcube Webmail 1.3.4 Medium
2018-11-12 CVE-2018-19205 Information Leak / Disclosure vulnerability in Roundcube 1.3.7 Medium
2018-05-16 CVE-2017-17688 Insufficient Information vulnerability in multiple products Medium
2018-04-07 CVE-2018-9846 Input Validation vulnerability in Debian and Roundcube products Medium
2018-03-13 CVE-2018-1000071 Undefined vulnerability in Roundcube Webmail 1.3.4 Medium
2017-11-09 CVE-2017-16651 Files or Directories Accessible to External Parties vulnerability in Debian and Roundcube products Medium
2017-05-23 CVE-2015-5382 Information Leak / Disclosure vulnerability in Roundcube Webmail and Webmail Medium
2017-05-23 CVE-2015-5381 Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail and Webmail Medium
2017-05-23 CVE-2015-5383 Information Leak / Disclosure vulnerability in Roundcube Webmail and Webmail Medium
2017-04-29 CVE-2017-8114 Undefined vulnerability in Roundcube Webmail and Webmail Medium
2017-04-13 CVE-2015-8864 Cross-Site Scripting (XSS) vulnerability in Opensuse and Roundcube products Medium
2017-04-13 CVE-2016-4068 Cross-Site Scripting (XSS) vulnerability in Opensuse and Roundcube products Medium
2017-03-12 CVE-2017-6820 Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail Medium
2017-01-30 CVE-2015-2181 Buffer Errors vulnerability in Roundcube Webmail Medium