Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
claws-mail claws-mail vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-15917
common/session.c in Claws Mail prior to 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
Claws-mail Claws-mail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
7.5
CVSSv2
CVE-2015-8614
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail prior to 3.13.1 allow remote malicious users to have unspecified impact via a crafted email, involving Japanese character set conversion...
Claws-mail Claws-mail
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
7.5
CVSSv2
CVE-2015-8708
Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote malicious users to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for...
Claws-mail Claws-mail 3.13.1
6.8
CVSSv2
CVE-2014-2576
plugins/rssyl/feed.c in Claws Mail prior to 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof servers and conduct man-in-the-middle (MITM) attacks.
Claws-mail Claws-mail
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
6.8
CVSSv2
CVE-2007-2958
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
Sylpheed-claws Sylpheed-claws 1.9.100
Sylpheed-claws Sylpheed-claws 2.10.0
Sylpheed Sylpheed 2.4.4
5.8
CVSSv2
CVE-2021-37746
textview_uri_security_check in textview.c in Claws Mail prior to 3.18.0, and Sylpheed up to and including 3.7.0, does not have sufficient link checks before accepting a click.
Claws-mail Claws-mail
Sylpheed Project Sylpheed
Fedoraproject Fedora 33
Fedoraproject Fedora 34
5
CVSSv2
CVE-2020-16094
In imap_scan_tree_recursive in Claws Mail up to and including 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
Claws-mail Claws-mail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2012-4507
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
Claws-mail Claws-mail 3.8.1
4.3
CVSSv2
CVE-2019-10735
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by t...
Claws-mail Mail 3.14.1
3.6
CVSSv2
CVE-2007-6208
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
Claws Mail Claws Mail Tools
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »