CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37746
https://notcve.org/view.php?id=CVE-2021-37746
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6 https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-16094
https://notcve.org/view.php?id=CVE-2020-16094
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. En imap_scan_tree_recursive en Claws Mail versiones hasta 3.17.6, un servidor IMAP malicioso puede desencadenar un consumo de pila debido a la recursividad ilimitada en subdirectorios durante una recompilación del árbol de carpetas • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CRKHUOVTJBHT53J4CYU53PXYYQKSGEA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBLHUG2UCXVABAGN5FVTD3AB3YKE5NN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNJIXYDMSXYDII4ERMQ4EEKZX64U3QR4 https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0CVE-2020-15917
https://notcve.org/view.php?id=CVE-2020-15917
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violación de protocolo porque los datos del sufijo después de STARTTLS son manejados inapropiadamente • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES https://git.claws-mail.org/?p=claws.git%3Ba=commit% •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-8708
https://notcve.org/view.php?id=CVE-2015-8708
Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614. Desbordamiento de buffer basado en pila en la función conv_euctojis en codeconv.c en Claws Mail 3.13.1 permite a atacantes remotos tener un impacto no especificado a través de un correo electrónico manipulado, implicando la conversión del conjunto de caracteres Japanese. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-8614. • http://www.openwall.com/lists/oss-security/2015/12/31/1 https://security.gentoo.org/glsa/201606-11 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-8614
https://notcve.org/view.php?id=CVE-2015-8614
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. Múltiples desbordamientos de buffer basado en pila en las funciones (1) conv_jistoeuc, (2) conv_euctojis y (3) conv_sjistoeuc en codeconv.c en Claws Mail en versiones anteriores a 3.13.1 permiten a atacantes remotos tener un impacto no especificado a través de un correo electrónico manipulado, implicando la conversión del conjunto de caracteres Japanese. • http://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=d390fa07f5548f3173dd9cc13b233db5ce934c82 http://lists.opensuse.org/opensuse-updates/2016-01/msg00000.html http://www.claws-mail.org/news.php http://www.debian.org/security/2016/dsa-3452 http://www.openwall.com/lists/oss-security/2015/12/21/10 http://www.openwall.com/lists/oss-security/2015/12/22/2 http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557 https://security.gentoo.org/glsa/201606-11 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •