textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
Max CVSS: 6.1; EPSS Score: 0.10%; Published: 2021-07-30; Updated: 2021-09-20
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
Max CVSS: 7.5; EPSS Score: 0.24%; Published: 2020-07-28; Updated: 2022-01-04
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
Max CVSS: 9.8; EPSS Score: 2.12%; Published: 2020-07-23; Updated: 2022-11-16
Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8614.
Max CVSS: 7.5; EPSS Score: 0.20%; Published: 2016-04-11; Updated: 2016-07-28
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecified impact via a crafted email, involving Japanese character set conversion.
Max CVSS: 7.5; EPSS Score: 0.59%; Published: 2016-04-11; Updated: 2018-10-30
plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.
Max CVSS: 6.8; EPSS Score: 0.19%; Published: 2014-10-15; Updated: 2018-10-30
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
Max CVSS: 5.0; EPSS Score: 5.79%; Published: 2012-10-22; Updated: 2013-03-01
7 vulnerabilities found