Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-p34h-zc38-63f1

Summary plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

Aliases

alias	CVE-2014-2576

Fixed_packages

url	pkg:deb/debian/claws-mail@3.10.1-1?distro=trixie
purl	pkg:deb/debian/claws-mail@3.10.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.10.1-1%3Fdistro=trixie

url pkg:deb/debian/claws-mail@3.10.1-2~bpo70%2B1

purl pkg:deb/debian/claws-mail@3.10.1-2~bpo70%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bx3-z5a9-vya5

vulnerability	VCID-921b-k4tj-k7gk

vulnerability	VCID-eqpn-zwjp-rkdf

vulnerability	VCID-vpby-tpg2-wygr

vulnerability	VCID-zaqk-yw24-t7h1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.10.1-2~bpo70%252B1

url pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie

purl pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-185b-3s2q-1ffu

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie

url	pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie
purl	pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie

url	pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie
purl	pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie

url	pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie
purl	pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/claws-mail@3.5.0-2.1

purl pkg:deb/debian/claws-mail@3.5.0-2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bx3-z5a9-vya5

vulnerability	VCID-921b-k4tj-k7gk

vulnerability	VCID-eqpn-zwjp-rkdf

vulnerability	VCID-p34h-zc38-63f1

vulnerability	VCID-vec3-q1tz-sqfr

vulnerability	VCID-vpby-tpg2-wygr

vulnerability	VCID-zaqk-yw24-t7h1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.5.0-2.1

url pkg:deb/debian/claws-mail@3.7.6-4%2Bsqueeze1

purl pkg:deb/debian/claws-mail@3.7.6-4%2Bsqueeze1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bx3-z5a9-vya5

vulnerability	VCID-921b-k4tj-k7gk

vulnerability	VCID-eqpn-zwjp-rkdf

vulnerability	VCID-p34h-zc38-63f1

vulnerability	VCID-vec3-q1tz-sqfr

vulnerability	VCID-vpby-tpg2-wygr

vulnerability	VCID-zaqk-yw24-t7h1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.7.6-4%252Bsqueeze1

url pkg:deb/debian/claws-mail@3.7.6-4%2Bsqueeze2

purl pkg:deb/debian/claws-mail@3.7.6-4%2Bsqueeze2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bx3-z5a9-vya5

vulnerability	VCID-921b-k4tj-k7gk

vulnerability	VCID-eqpn-zwjp-rkdf

vulnerability	VCID-p34h-zc38-63f1

vulnerability	VCID-vec3-q1tz-sqfr

vulnerability	VCID-vpby-tpg2-wygr

vulnerability	VCID-zaqk-yw24-t7h1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.7.6-4%252Bsqueeze2

url pkg:deb/debian/claws-mail@3.8.1-2%2Bdeb7u1

purl pkg:deb/debian/claws-mail@3.8.1-2%2Bdeb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6bx3-z5a9-vya5

vulnerability	VCID-921b-k4tj-k7gk

vulnerability	VCID-eqpn-zwjp-rkdf

vulnerability	VCID-p34h-zc38-63f1

vulnerability	VCID-vpby-tpg2-wygr

vulnerability	VCID-zaqk-yw24-t7h1

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.8.1-2%252Bdeb7u1

References

reference_url	http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2014-10/msg00015.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2576

reference_id

reference_type

scores

value	0.00669
scoring_system	epss
scoring_elements	0.7139
published_at	2026-04-24T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.7126
published_at	2026-04-07T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71267
published_at	2026-04-02T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71285
published_at	2026-04-04T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71301
published_at	2026-04-08T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71315
published_at	2026-04-09T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71337
published_at	2026-04-11T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71322
published_at	2026-04-12T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71305
published_at	2026-04-13T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71351
published_at	2026-04-16T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71357
published_at	2026-04-18T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71336
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2576

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576

reference_url	http://seclists.org/oss-sec/2014/q1/636
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2014/q1/636

reference_url	http://secunia.com/advisories/60422
reference_id
reference_type
scores
url	http://secunia.com/advisories/60422

reference_url	http://sourceforge.net/p/claws-mail/news/2014/05/claws-mail-3100-unleashed/
reference_id
reference_type
scores
url	http://sourceforge.net/p/claws-mail/news/2014/05/claws-mail-3100-unleashed/

reference_url	http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
reference_id
reference_type
scores
url	http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742695
reference_id	742695
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742695

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:claws-mail:claws-mail::::::::
reference_id	cpe:2.3:a:claws-mail:claws-mail::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:claws-mail:claws-mail::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:12.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_id	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-2576

reference_id

CVE-2014-2576

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-2576

Weaknesses

cwe_id	310
name	Cryptographic Issues
description	Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.

Exploits

Severity_range_score 6.8 - 6.8

Exploitability 0.5

Weighted_severity 6.1

Risk_score 3.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p34h-zc38-63f1

Vulnerability Instance