
CVE-2021-37746
https://notcve.org/view.php?id=CVE-2021-37746
30 Jul 2021 — textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2020-16094
https://notcve.org/view.php?id=CVE-2020-16094
28 Jul 2020 — In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CRKHUOVTJBHT53J4CYU53PXYYQKSGEA
CWE-674: Uncontrolled Recursion

CVE-2020-15917 – Gentoo Linux Security Advisory 202007-56
https://notcve.org/view.php?id=CVE-2020-15917
23 Jul 2020 — common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise. Versions less than 3.17.6 are affected.
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00090.html

CVE-2012-5527
https://notcve.org/view.php?id=CVE-2012-5527
25 Nov 2019 — Claws Mail vCalendar plugin: credentials exposed on interface.
http://www.openwall.com/lists/oss-security/2012/11/28/10
CWE-522: Insufficiently Protected Credentials

CVE-2019-10735
https://notcve.org/view.php?id=CVE-2019-10735
07 Apr 2019 — In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159
CWE-319: Cleartext Transmission of Sensitive Information

CVE-2015-8708 – Gentoo Linux Security Advisory 201606-11
https://notcve.org/view.php?id=CVE-2015-8708
11 Apr 2016 — Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.
http://www.openwall.com/lists/oss-security/2015/12/31/1
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2015-8614 – Gentoo Linux Security Advisory 201606-11
https://notcve.org/view.php?id=CVE-2015-8614
25 Jan 2016 — Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.
http://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=d390fa07f5548f3173dd9cc13b233db5ce934c82
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2014-2576
https://notcve.org/view.php?id=CVE-2014-2576
15 Oct 2014 — plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html
CWE-310: Cryptographic Issues

CVE-2012-4507
https://notcve.org/view.php?id=CVE-2012-4507
22 Oct 2012 — The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
http://lists.opensuse.org/opensuse-updates/2012-10/msg00064.html

CVE-2007-6208
https://notcve.org/view.php?id=CVE-2007-6208
04 Dec 2007 — sylprint.pl in Claws Mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089
CWE-59: Improper Link Resolution Before File Access ('Link Following')