CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

Search Vulnerabilities

Software

Searching vulnerabilities affecting “claws-mail”

5 vulnerabilities found for “claws-mail”

CVE-2021-37746

MEDIUM6.1

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

claws-mail / claws-mail+3

Network

Published Jul 30, 2021

CVE-2020-16094

HIGH7.5

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.

claws-mail / claws-mail+3

Network

Published Jul 28, 2020

CVE-2020-15917

CRITICAL9.8

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.

claws-mail / claws-mail+6

Network

Published Jul 23, 2020

CVE-2012-5527

MEDIUM5.5

Claws Mail vCalendar plugin: credentials exposed on interface

claws-mail / vcalendar

Local

Published Nov 25, 2019

CVE-2019-10735

MEDIUM4.3

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

claws-mail / mail

Network

Published Apr 7, 2019