Upstream information
Description
Multiple buffer overflows in the DBMail driver in the Password plugin in Roundcube before 1.1.0 allow remote attackers to have unspecified impact via the (1) password or (2) username.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 6.5 |
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | Partial |
SUSE Security Advisories:
- openSUSE-SU-2015:1240-1
openSUSE-SU-2016:2108-1
openSUSE-SU-2016:2109-1
openSUSE-SU-2016:2127-1
- openSUSE-SU-2016:3038-1, published Fri Dec 8 15:48:25 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10491 |
SUSE Timeline for this CVE
CVE page created: Sun Apr 24 02:15:18 2016CVE page last modified: Sat Jun 15 22:32:00 2024