Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
claws-mail claws-mail vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2015-8708
Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote malicious users to have unspecified impact via a crafted email, involving Japanese character set conversion. NOTE: this vulnerability exists because of an incomplete fix for...
Claws-mail Claws-mail 3.13.1
NA
CVE-2007-6208
sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
Claws Mail Claws Mail Tools
NA
CVE-2012-4507
The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote malicious users to cause a denial of service (NULL pointer dereference and crash) via a crafted email.
Claws-mail Claws-mail 3.8.1
NA
CVE-2014-2576
plugins/rssyl/feed.c in Claws Mail prior to 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote malicious users to spoof servers and conduct man-in-the-middle (MITM) attacks.
Claws-mail Claws-mail
Opensuse Opensuse 12.3
Opensuse Opensuse 13.1
7.3
CVSSv3
CVE-2015-8614
Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail prior to 3.13.1 allow remote malicious users to have unspecified impact via a crafted email, involving Japanese character set conversion...
Claws-mail Claws-mail
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
6.1
CVSSv3
CVE-2021-37746
textview_uri_security_check in textview.c in Claws Mail prior to 3.18.0, and Sylpheed up to and including 3.7.0, does not have sufficient link checks before accepting a click.
Claws-mail Claws-mail
Sylpheed Project Sylpheed
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2020-16094
In imap_scan_tree_recursive in Claws Mail up to and including 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
Claws-mail Claws-mail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5.5
CVSSv3
CVE-2012-5527
Claws Mail vCalendar plugin: credentials exposed on interface
Claws-mail Vcalendar -
4.3
CVSSv3
CVE-2019-10735
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by t...
Claws-mail Mail 3.14.1
9.8
CVSSv3
CVE-2020-15917
common/session.c in Claws Mail prior to 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
Claws-mail Claws-mail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »