VulnerableCode Package Details - pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-185b-3s2q-1ffu Aliases: CVE-2021-37746	textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.	3.18.0-1 Affected by 0 other vulnerabilities. 4.1.1-2 Affected by 0 other vulnerabilities. 4.3.1-1 Affected by 0 other vulnerabilities. 4.4.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-185b-3s2q-1ffu
Aliases:
CVE-2021-37746

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

3.18.0-1
Affected by 0 other vulnerabilities.

4.1.1-2
Affected by 0 other vulnerabilities.

4.3.1-1
Affected by 0 other vulnerabilities.

4.4.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6bx3-z5a9-vya5	In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.	CVE-2020-16094
VCID-921b-k4tj-k7gk	Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.	CVE-2015-8708
VCID-eqpn-zwjp-rkdf	A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise.	CVE-2020-15917
VCID-p34h-zc38-63f1	plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.	CVE-2014-2576
VCID-ukjn-pbdj-u3e3	Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted arbitrary remote code execution.	CVE-2007-1558
VCID-vec3-q1tz-sqfr	The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.	CVE-2012-4507
VCID-vpby-tpg2-wygr	Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.	CVE-2015-8614
VCID-wcjp-avbb-uyga	Claws Mail uses temporary files in an insecure manner, allowing for a symlink attack.	CVE-2007-6208
VCID-zaqk-yw24-t7h1	Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.	CVE-2010-5109

Vulnerability

Summary

Aliases

VCID-6bx3-z5a9-vya5

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.

CVE-2020-16094

VCID-921b-k4tj-k7gk

Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.

CVE-2015-8708

VCID-eqpn-zwjp-rkdf

A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise.

CVE-2020-15917

VCID-p34h-zc38-63f1

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

CVE-2014-2576

VCID-ukjn-pbdj-u3e3

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted arbitrary remote code execution.

CVE-2007-1558

VCID-vec3-q1tz-sqfr

The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.

CVE-2012-4507

VCID-vpby-tpg2-wygr

Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.

CVE-2015-8614

VCID-wcjp-avbb-uyga

Claws Mail uses temporary files in an insecure manner, allowing for a symlink attack.

CVE-2007-6208

VCID-zaqk-yw24-t7h1

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

CVE-2010-5109

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:05:13.715903+00:00	Debian Importer	Fixing	VCID-921b-k4tj-k7gk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:51:35.492563+00:00	Debian Importer	Fixing	VCID-6bx3-z5a9-vya5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:45:08.617020+00:00	Debian Importer	Fixing	VCID-zaqk-yw24-t7h1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:34:20.790556+00:00	Debian Importer	Fixing	VCID-p34h-zc38-63f1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:21:24.717802+00:00	Debian Importer	Fixing	VCID-vec3-q1tz-sqfr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:22.051823+00:00	Debian Importer	Fixing	VCID-wcjp-avbb-uyga	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:32:11.052558+00:00	Debian Importer	Fixing	VCID-eqpn-zwjp-rkdf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:23:09.238418+00:00	Debian Importer	Fixing	VCID-vpby-tpg2-wygr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:40:38.218456+00:00	Debian Importer	Fixing	VCID-ukjn-pbdj-u3e3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:59:53.131235+00:00	Debian Importer	Fixing	VCID-921b-k4tj-k7gk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:49:35.469727+00:00	Debian Importer	Fixing	VCID-6bx3-z5a9-vya5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:44:42.034305+00:00	Debian Importer	Fixing	VCID-zaqk-yw24-t7h1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:36:38.452950+00:00	Debian Importer	Fixing	VCID-p34h-zc38-63f1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:27:16.487977+00:00	Debian Importer	Fixing	VCID-vec3-q1tz-sqfr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:28.594295+00:00	Debian Importer	Fixing	VCID-wcjp-avbb-uyga	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:06:46.267930+00:00	Debian Importer	Fixing	VCID-eqpn-zwjp-rkdf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:59:52.558648+00:00	Debian Importer	Fixing	VCID-vpby-tpg2-wygr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:26:17.788662+00:00	Debian Importer	Fixing	VCID-ukjn-pbdj-u3e3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:21:13.976614+00:00	Debian Importer	Affected by	VCID-185b-3s2q-1ffu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:16.014497+00:00	Debian Importer	Fixing	VCID-921b-k4tj-k7gk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:20.879015+00:00	Debian Importer	Fixing	VCID-6bx3-z5a9-vya5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:04.047041+00:00	Debian Importer	Fixing	VCID-zaqk-yw24-t7h1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:27.549328+00:00	Debian Importer	Fixing	VCID-p34h-zc38-63f1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:34.477949+00:00	Debian Importer	Fixing	VCID-vec3-q1tz-sqfr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:08.987421+00:00	Debian Importer	Fixing	VCID-wcjp-avbb-uyga	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:28.255991+00:00	Debian Importer	Fixing	VCID-eqpn-zwjp-rkdf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:56.681426+00:00	Debian Importer	Fixing	VCID-vpby-tpg2-wygr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:33.426162+00:00	Debian Importer	Fixing	VCID-ukjn-pbdj-u3e3	https://security-tracker.debian.org/tracker/data/json	38.1.0