Search for packages
| purl | pkg:deb/debian/claws-mail@3.10.1-2~bpo70%2B1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6bx3-z5a9-vya5
Aliases: CVE-2020-16094 |
In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree. |
Affected by 1 other vulnerability. |
|
VCID-921b-k4tj-k7gk
Aliases: CVE-2015-8708 |
Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation. |
Affected by 2 other vulnerabilities. |
|
VCID-eqpn-zwjp-rkdf
Aliases: CVE-2020-15917 |
A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise. |
Affected by 1 other vulnerability. |
|
VCID-vpby-tpg2-wygr
Aliases: CVE-2015-8614 |
Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. |
|
VCID-zaqk-yw24-t7h1
Aliases: CVE-2010-5109 |
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow. |
Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-p34h-zc38-63f1 | plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks. |
CVE-2014-2576
|