CVE-2014-2576
https://notcve.org/view.php?id=CVE-2014-2576
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
• http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html
• http://seclists.org/oss-sec/2014/q1/636
• http://secunia.com/advisories/60422
• http://sourceforge.net/p/claws-mail/news/2014/05/claws-mail-3100-unleashed
• http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
• CWE-310: Cryptographic Issues
CVE-2012-4507
https://notcve.org/view.php?id=CVE-2012-4507
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
• http://lists.opensuse.org/opensuse-updates/2012-10/msg00064.html
• http://www.openwall.com/lists/oss-security/2012/10/09/1
• http://www.openwall.com/lists/oss-security/2012/10/09/3
• http://www.openwall.com/lists/oss-security/2012/10/10/3
• http://www.securityfocus.com/bid/55837
• http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
• https://bugzilla.redhat.com/show_bug.cgi?id=862578
CVE-2007-6208
https://notcve.org/view.php?id=CVE-2007-6208
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089
• http://osvdb.org/42478
• http://secunia.com/advisories/27897
• http://secunia.com/advisories/28402
• http://security.gentoo.org/glsa/glsa-200801-03.xml
• http://www.securityfocus.com/bid/26676
• CWE-59: Improper Link Resolution Before File Access ('Link Following')