10 results (0.010 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6 https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. libsylph/utils.c en Sylpheed 3.6 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. • https://security-tracker.debian.org/tracker/CVE-2017-17517 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 6.8EPSS: 2%CPEs: 3EXPL: 0

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies. Vulnerabilidad de formato de cadena en la función inc_put_error en src/inc.c en Sylpheed 2.4.4, y Sylpheed-Claws (Claws Mail) 1.9.100 y 2.10.0, permite a servidores POP3 remotos ejecutar código de su elección a través de especificaciones de formato de cadena en respuestas manipuladas. • http://bugs.gentoo.org/show_bug.cgi?id=190104 http://osvdb.org/40184 http://secunia.com/advisories/26550 http://secunia.com/advisories/26610 http://secunia.com/advisories/27229 http://secunia.com/advisories/27379 http://secunia.com/secunia_research/2007-70/advisory http://security.gentoo.org/glsa/glsa-200710-29.xml http://www.novell.com/linux/security/advisories/2007_20_sr.html http://www.securityfocus.com/bid/25430 http://www.vupen.com/english/advisories/2007/2971 •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 1

Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Sylpheed 2.2.7 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Sylpheed no distinga visualmente entre trozos firmados y no firmados de mensajes OpenPGP con múltiples componentes, lo cual permite a atacantes remotos falsificar el contenido de un mensaje si ser detectado. • http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://secunia.com/advisories/24414 http://securityreason.com/securityalert/2353 http://www.coresecurity.com/?action=item&id=1687 http://www.securityfocus.com/archive/1/461958/100/0/threaded http://www.securityfocus.com/archive/1/461958/30/7710/threaded http://www.securityfocus.com/bid/22777 http://www.securitytracker.com/id?1017727 http://www.vupen.com/english/advisories/2007/0835 •

CVSS: 2.6EPSS: 3%CPEs: 16EXPL: 0

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character. • http://secunia.com/advisories/20476 http://secunia.com/advisories/20577 http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528 http://sylpheed.good-day.net/en/news.html%5C http://www.vupen.com/english/advisories/2006/2173 http://www.vupen.com/english/advisories/2006/2283 https://exchange.xforce.ibmcloud.com/vulnerabilities/27089 • CWE-20: Improper Input Validation •