9 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6 https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. En imap_scan_tree_recursive en Claws Mail versiones hasta 3.17.6, un servidor IMAP malicioso puede desencadenar un consumo de pila debido a la recursividad ilimitada en subdirectorios durante una recompilación del árbol de carpetas • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CRKHUOVTJBHT53J4CYU53PXYYQKSGEA https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JUBLHUG2UCXVABAGN5FVTD3AB3YKE5NN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YNJIXYDMSXYDII4ERMQ4EEKZX64U3QR4 https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 • CWE-674: Uncontrolled Recursion •

CVSS: 9.8EPSS: 1%CPEs: 7EXPL: 0

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. El archivo common/session.c en Claws Mail versiones anteriores a 3.17.6, presenta una violación de protocolo porque los datos del sufijo después de STARTTLS son manejados inapropiadamente • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00013.html https://git.claws-mail.org/?p=claws.git%3Ba=blob%3Bf=RELEASE_NOTES https://git.claws-mail.org/?p=claws.git%3Ba=commit% •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. En Claws Mail 3.14.1 un atacante que posea correos electrónicos cifrados en S/MIME o PGP puede envolverlos como subpartes de un correo electrónico multiparte manipulado. • https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159 • CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614. Desbordamiento de buffer basado en pila en la función conv_euctojis en codeconv.c en Claws Mail 3.13.1 permite a atacantes remotos tener un impacto no especificado a través de un correo electrónico manipulado, implicando la conversión del conjunto de caracteres Japanese. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-8614. • http://www.openwall.com/lists/oss-security/2015/12/31/1 https://security.gentoo.org/glsa/201606-11 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •