Vulnerabilities > Roundcube > Webmail > 1.1.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000071 | Incorrect Permission Assignment for Critical Resource vulnerability in Roundcube Webmail roundcube version 1.3.4 and earlier contains an Insecure Permissions vulnerability in enigma plugin that can result in exfiltration of gpg private key. | 7.5 |
| 2017-11-09 | CVE-2017-16651 | Files or Directories Accessible to External Parties vulnerability in multiple products Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem, including configuration files, as exploited in the wild in November 2017. | 7.8 |
| 2017-04-29 | CVE-2017-8114 | Improper Privilege Management vulnerability in Roundcube Webmail Roundcube Webmail allows arbitrary password resets by authenticated users. | 8.8 |