5 results (0.002 seconds)

CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. La función textview_uri_security_check en el archivo textview.c en Claws Mail versiones anteriores a 3.18.0, y Sylpheed versiones hasta 3.7.0, no presenta suficientes comprobaciones de enlaces antes de aceptar un clic • https://claws-mail.org/download.php?file=releases/claws-mail-3.18.0.tar.xz https://git.claws-mail.org/?p=claws.git%3Ba=commit%3Bh=ac286a71ed78429e16c612161251b9ea90ccd431 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L2QNUIWASJLPUZZKWICGCEGYJZCQE7NH https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCJXHUSYHGVBSH2ULD7HNXLM7QNRECZ6 https://sylpheed.sraoss.jp/sylpheed/v3.7/sylpheed-3.7.0.tar.xz • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.8EPSS: 2%CPEs: 3EXPL: 0

Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies. Vulnerabilidad de formato de cadena en la función inc_put_error en src/inc.c en Sylpheed 2.4.4, y Sylpheed-Claws (Claws Mail) 1.9.100 y 2.10.0, permite a servidores POP3 remotos ejecutar código de su elección a través de especificaciones de formato de cadena en respuestas manipuladas. • http://bugs.gentoo.org/show_bug.cgi?id=190104 http://osvdb.org/40184 http://secunia.com/advisories/26550 http://secunia.com/advisories/26610 http://secunia.com/advisories/27229 http://secunia.com/advisories/27379 http://secunia.com/secunia_research/2007-70/advisory http://security.gentoo.org/glsa/glsa-200710-29.xml http://www.novell.com/linux/security/advisories/2007_20_sr.html http://www.securityfocus.com/bid/25430 http://www.vupen.com/english/advisories/2007/2971 •

CVSS: 2.6EPSS: 3%CPEs: 16EXPL: 0

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character. • http://secunia.com/advisories/20476 http://secunia.com/advisories/20577 http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528 http://sylpheed.good-day.net/en/news.html%5C http://www.vupen.com/english/advisories/2006/2173 http://www.vupen.com/english/advisories/2006/2283 https://exchange.xforce.ibmcloud.com/vulnerabilities/27089 • CWE-20: Improper Input Validation •

CVSS: 5.1EPSS: 5%CPEs: 27EXPL: 0

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. • http://secunia.com/advisories/14491 http://securitytracker.com/id?1013376 http://sylpheed.good-day.net/changelog-devel.html.en http://sylpheed.good-day.net/changelog.html.en http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml http://www.redhat.com/support/errata/RHSA-2005-303.html https://access.redhat.com/security/cve/CVE-2005-0667 https://bugzilla.redhat.com/show_bug.cgi?id=1617556 •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0

Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message. Vulnerabilidad de cadena de formato en send_message.c de Sylpheed-claws 0.9.4 a 0.9.6a permite a servidores SMTP remotos causar una denegación (caída) en sylpheed mediante cadenas de formato en un mensaje de error. • http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html http://sylpheed.good-day.net/#changes http://www.guninski.com/sylph.html http://www.securityfocus.com/bid/8877 https://exchange.xforce.ibmcloud.com/vulnerabilities/13508 •