5 results (0.007 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6 https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. libsylph/utils.c en Sylpheed 3.6 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. • https://security-tracker.debian.org/tracker/CVE-2017-17517 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1

Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Sylpheed 2.2.7 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Sylpheed no distinga visualmente entre trozos firmados y no firmados de mensajes OpenPGP con múltiples componentes, lo cual permite a atacantes remotos falsificar el contenido de un mensaje si ser detectado. • http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://secunia.com/advisories/24414 http://securityreason.com/securityalert/2353 http://www.coresecurity.com/?action=item&id=1687 http://www.securityfocus.com/archive/1/461958/100/0/threaded http://www.securityfocus.com/archive/1/461958/30/7710/threaded http://www.securityfocus.com/bid/22777 http://www.securitytracker.com/id?1017727 http://www.vupen.com/english/advisories/2007/0835 •

CVSS: 2.6EPSS: 3%CPEs: 16EXPL: 0

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character. • http://secunia.com/advisories/20476 http://secunia.com/advisories/20577 http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528 http://sylpheed.good-day.net/en/news.html%5C http://www.vupen.com/english/advisories/2006/2173 http://www.vupen.com/english/advisories/2006/2283 https://exchange.xforce.ibmcloud.com/vulnerabilities/27089 • CWE-20: Improper Input Validation •

CVSS: 5.1EPSS: 0%CPEs: 25EXPL: 0

Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. • http://osvdb.org/20675 http://secunia.com/advisories/17492 http://secunia.com/advisories/17525 http://secunia.com/advisories/17540 http://secunia.com/advisories/17678 http://secunia.com/advisories/17831 http://sylpheed.good-day.net/en/news.html http://www.debian.org/security/2005/dsa-906 http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15363 http://w • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •