CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37746
https://notcve.org/view.php?id=CVE-2021-37746
30 Jul 2021 — textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17517
https://notcve.org/view.php?id=CVE-2017-17517
14 Dec 2017 — libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. libsylph/utils.c en Sylpheed 3.6 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. • https://security-tracker.debian.org/tracker/CVE-2017-17517 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2007-2958
https://notcve.org/view.php?id=CVE-2007-2958
27 Aug 2007 — Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies. Vulnerabilidad de formato de cadena en la función inc_put_error en src/inc.c en Sylpheed 2.4.4, y Sylpheed-Claws (Claws Mail) 1.9.100 y 2.10.0, permite a servidores POP3 remotos ejecutar código de su elección a través de especificaciones de formato de cadena en respue... • http://bugs.gentoo.org/show_bug.cgi?id=190104 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2007-1267
https://notcve.org/view.php?id=CVE-2007-1267
06 Mar 2007 — Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Sylpheed 2.2.7 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Sylpheed no distinga visualmente entre trozos firmados y no firmados de mensaj... • http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html •
CVSS: 9.1EPSS: 0%CPEs: 16EXPL: 0CVE-2006-2920
https://notcve.org/view.php?id=CVE-2006-2920
09 Jun 2006 — Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character. • http://secunia.com/advisories/20476 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 25EXPL: 0CVE-2005-3354
https://notcve.org/view.php?id=CVE-2005-3354
20 Nov 2005 — Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. • http://osvdb.org/20675 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2005-0926
https://notcve.org/view.php?id=CVE-2005-0926
29 Mar 2005 — Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. • http://sylpheed.good-day.net/changelog.html.en •
CVSS: 9.8EPSS: 3%CPEs: 27EXPL: 0CVE-2005-0667
https://notcve.org/view.php?id=CVE-2005-0667
07 Mar 2005 — Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. • http://secunia.com/advisories/14491 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2003-0852
https://notcve.org/view.php?id=CVE-2003-0852
25 Oct 2003 — Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message. Vulnerabilidad de cadena de formato en send_message.c de Sylpheed-claws 0.9.4 a 0.9.6a permite a servidores SMTP remotos causar una denegación (caída) en sylpheed mediante cadenas de formato en un mensaje de error. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-0300
https://notcve.org/view.php?id=CVE-2003-0300
15 May 2003 — The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •