CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-37746
https://notcve.org/view.php?id=CVE-2021-37746
30 Jul 2021 — textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17517
https://notcve.org/view.php?id=CVE-2017-17517
14 Dec 2017 — libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. libsylph/utils.c en Sylpheed 3.6 no valida cadenas antes de iniciar el programa especificado por la variable de entorno BROWSER. Esto podría permitir que atacantes remotos lleven a cabo ataques de inyección de argumentos mediante una URL manipulada. • https://security-tracker.debian.org/tracker/CVE-2017-17517 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2007-1267 – Core Security Technologies Advisory 2007.0115
https://notcve.org/view.php?id=CVE-2007-1267
06 Mar 2007 — Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Sylpheed 2.2.7 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Sylpheed no distinga visualmente entre trozos firmados y no firmados de mensaj... • http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html •
CVSS: 9.1EPSS: 1%CPEs: 16EXPL: 0CVE-2006-2920
https://notcve.org/view.php?id=CVE-2006-2920
09 Jun 2006 — Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character. • http://secunia.com/advisories/20476 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 25EXPL: 0CVE-2005-3354 – Ubuntu Security Notice 237-1
https://notcve.org/view.php?id=CVE-2005-3354
20 Nov 2005 — Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. Kurt Fitzner discovered that the NBD (network block device) server did not correctly verify the maximum size of request packets. By sending specially crafted large request packets, a remote attacker who is allowed to access the server could exploit this to execute arbitrary code with root privileges. • http://osvdb.org/20675 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0CVE-2005-0926
https://notcve.org/view.php?id=CVE-2005-0926
29 Mar 2005 — Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. • http://sylpheed.good-day.net/changelog.html.en •
CVSS: 9.8EPSS: 3%CPEs: 27EXPL: 0CVE-2005-0667 – Gentoo Linux Security Advisory 200503-26
https://notcve.org/view.php?id=CVE-2005-0667
07 Mar 2005 — Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Versions less than 1.0.3 are affected. • http://secunia.com/advisories/14491 •