VulnerableCode Package Details - pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-185b-3s2q-1ffu	textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.	CVE-2021-37746
VCID-6bx3-z5a9-vya5	In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.	CVE-2020-16094
VCID-921b-k4tj-k7gk	Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.	CVE-2015-8708
VCID-eqpn-zwjp-rkdf	A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise.	CVE-2020-15917
VCID-p34h-zc38-63f1	plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.	CVE-2014-2576
VCID-ukjn-pbdj-u3e3	Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted arbitrary remote code execution.	CVE-2007-1558
VCID-vec3-q1tz-sqfr	The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.	CVE-2012-4507
VCID-vpby-tpg2-wygr	Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.	CVE-2015-8614
VCID-wcjp-avbb-uyga	Claws Mail uses temporary files in an insecure manner, allowing for a symlink attack.	CVE-2007-6208
VCID-zaqk-yw24-t7h1	Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.	CVE-2010-5109

Vulnerability

Summary

Aliases

VCID-185b-3s2q-1ffu

textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

CVE-2021-37746

VCID-6bx3-z5a9-vya5

In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.

CVE-2020-16094

VCID-921b-k4tj-k7gk

Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.

CVE-2015-8708

VCID-eqpn-zwjp-rkdf

A vulnerability was discovered in Claws Mail's STARTTLS handling, possibly allowing an integrity/confidentiality compromise.

CVE-2020-15917

VCID-p34h-zc38-63f1

plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.

CVE-2014-2576

VCID-ukjn-pbdj-u3e3

Multiple vulnerabilities have been reported in Mozilla Firefox, Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted arbitrary remote code execution.

CVE-2007-1558

VCID-vec3-q1tz-sqfr

The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.

CVE-2012-4507

VCID-vpby-tpg2-wygr

Multiple vulnerabilities have been found in claws-mail, particularly in the default SSL implementation.

CVE-2015-8614

VCID-wcjp-avbb-uyga

Claws Mail uses temporary files in an insecure manner, allowing for a symlink attack.

CVE-2007-6208

VCID-zaqk-yw24-t7h1

Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.

CVE-2010-5109

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:05:13.730338+00:00	Debian Importer	Fixing	VCID-921b-k4tj-k7gk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:51:35.504491+00:00	Debian Importer	Fixing	VCID-6bx3-z5a9-vya5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:45:08.631112+00:00	Debian Importer	Fixing	VCID-zaqk-yw24-t7h1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:34:20.803423+00:00	Debian Importer	Fixing	VCID-p34h-zc38-63f1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:21:24.732403+00:00	Debian Importer	Fixing	VCID-vec3-q1tz-sqfr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:42:22.064914+00:00	Debian Importer	Fixing	VCID-wcjp-avbb-uyga	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:32:11.062508+00:00	Debian Importer	Fixing	VCID-eqpn-zwjp-rkdf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:23:09.253485+00:00	Debian Importer	Fixing	VCID-vpby-tpg2-wygr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:40:38.227882+00:00	Debian Importer	Fixing	VCID-ukjn-pbdj-u3e3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:59:53.143342+00:00	Debian Importer	Fixing	VCID-921b-k4tj-k7gk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:49:35.484253+00:00	Debian Importer	Fixing	VCID-6bx3-z5a9-vya5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:44:42.048413+00:00	Debian Importer	Fixing	VCID-zaqk-yw24-t7h1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:36:38.465683+00:00	Debian Importer	Fixing	VCID-p34h-zc38-63f1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:27:16.500336+00:00	Debian Importer	Fixing	VCID-vec3-q1tz-sqfr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:28.604617+00:00	Debian Importer	Fixing	VCID-wcjp-avbb-uyga	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:06:46.278485+00:00	Debian Importer	Fixing	VCID-eqpn-zwjp-rkdf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:59:52.569724+00:00	Debian Importer	Fixing	VCID-vpby-tpg2-wygr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:26:17.798121+00:00	Debian Importer	Fixing	VCID-ukjn-pbdj-u3e3	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:21:13.991242+00:00	Debian Importer	Fixing	VCID-185b-3s2q-1ffu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:17:16.027695+00:00	Debian Importer	Fixing	VCID-921b-k4tj-k7gk	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:20.891679+00:00	Debian Importer	Fixing	VCID-6bx3-z5a9-vya5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:16:04.059849+00:00	Debian Importer	Fixing	VCID-zaqk-yw24-t7h1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:15:27.561913+00:00	Debian Importer	Fixing	VCID-p34h-zc38-63f1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:14:34.490674+00:00	Debian Importer	Fixing	VCID-vec3-q1tz-sqfr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:09.000021+00:00	Debian Importer	Fixing	VCID-wcjp-avbb-uyga	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:28.265358+00:00	Debian Importer	Fixing	VCID-eqpn-zwjp-rkdf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:56.691145+00:00	Debian Importer	Fixing	VCID-vpby-tpg2-wygr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:33.437531+00:00	Debian Importer	Fixing	VCID-ukjn-pbdj-u3e3	https://security-tracker.debian.org/tracker/data/json	38.1.0