{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","type":"deb","namespace":"debian","name":"claws-mail","version":"4.4.0-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/180331?format=json","vulnerability_id":"VCID-7y49-nb7y-hqek","summary":"Multiple vulnerabilities have been found in claws-mail,\n    particularly in the default SSL implementation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8708","reference_id":"","reference_type":"","scores":[{"value":"0.01292","scoring_system":"epss","scoring_elements":"0.8009","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01292","scoring_system":"epss","scoring_elements":"0.80152","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8708"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8708","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8708"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811048","reference_id":"811048","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811048"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34964?format=json","purl":"pkg:deb/debian/claws-mail@3.13.1-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.13.1-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8708"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7y49-nb7y-hqek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197608?format=json","vulnerability_id":"VCID-dard-gp3k-dfb5","summary":"insufficient validation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37746","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65697","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00486","scoring_system":"epss","scoring_elements":"0.65942","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37746"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991722","reference_id":"991722","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991722"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991723","reference_id":"991723","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991723"},{"reference_url":"https://security.archlinux.org/AVG-2243","reference_id":"AVG-2243","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34973?format=json","purl":"pkg:deb/debian/claws-mail@3.18.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.18.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2021-37746"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dard-gp3k-dfb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185879?format=json","vulnerability_id":"VCID-euyg-n1p4-7bhv","summary":"A vulnerability was discovered in Claws Mail's STARTTLS handling,\n    possibly allowing an integrity/confidentiality compromise.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15917","reference_id":"","reference_type":"","scores":[{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84862","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02222","scoring_system":"epss","scoring_elements":"0.84914","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15917"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15917","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15917"},{"reference_url":"https://security.gentoo.org/glsa/202007-56","reference_id":"GLSA-202007-56","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34967?format=json","purl":"pkg:deb/debian/claws-mail@3.17.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-15917"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-euyg-n1p4-7bhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/119863?format=json","vulnerability_id":"VCID-f7n7-7td7-4bep","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8614","reference_id":"","reference_type":"","scores":[{"value":"0.01873","scoring_system":"epss","scoring_elements":"0.83524","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01873","scoring_system":"epss","scoring_elements":"0.83583","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-8614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34961?format=json","purl":"pkg:deb/debian/claws-mail@3.13.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.13.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2015-8614"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7n7-7td7-4bep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/201881?format=json","vulnerability_id":"VCID-hwu3-aauz-mfhw","summary":"Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5109","reference_id":"","reference_type":"","scores":[{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.7966","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0124","scoring_system":"epss","scoring_elements":"0.79725","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5109"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705468","reference_id":"705468","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705468"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360","reference_id":"771360","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771360"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34955?format=json","purl":"pkg:deb/debian/claws-mail@3.11.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.11.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2010-5109"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwu3-aauz-mfhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203338?format=json","vulnerability_id":"VCID-jgua-uyc4-9ka9","summary":"plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fields, which makes it easier for remote attackers to spoof servers and conduct man-in-the-middle (MITM) attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2576","reference_id":"","reference_type":"","scores":[{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.7179","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00669","scoring_system":"epss","scoring_elements":"0.71875","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2576"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2576"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742695","reference_id":"742695","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742695"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34960?format=json","purl":"pkg:deb/debian/claws-mail@3.10.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.10.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2014-2576"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgua-uyc4-9ka9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/185123?format=json","vulnerability_id":"VCID-nnad-adwn-eqaw","summary":"Multiple vulnerabilities have been reported in Mozilla Firefox,\n    Thunderbird, SeaMonkey and XULRunner, some of which may allow user-assisted\n    arbitrary remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1558","reference_id":"","reference_type":"","scores":[{"value":"0.1342","scoring_system":"epss","scoring_elements":"0.94356","published_at":"2026-06-11T12:55:00Z"},{"value":"0.1342","scoring_system":"epss","scoring_elements":"0.94375","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-1558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=241191","reference_id":"241191","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=241191"},{"reference_url":"https://security.gentoo.org/glsa/200706-06","reference_id":"GLSA-200706-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200706-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-15","reference_id":"mfsa2007-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2007-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0344","reference_id":"RHSA-2007:0344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0353","reference_id":"RHSA-2007:0353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0385","reference_id":"RHSA-2007:0385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0386","reference_id":"RHSA-2007:0386","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0386"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0401","reference_id":"RHSA-2007:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2007:0402","reference_id":"RHSA-2007:0402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2007:0402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1140","reference_id":"RHSA-2009:1140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2009:1140"},{"reference_url":"https://usn.ubuntu.com/469-1/","reference_id":"USN-469-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/469-1/"},{"reference_url":"https://usn.ubuntu.com/520-1/","reference_id":"USN-520-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/520-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34946?format=json","purl":"pkg:deb/debian/claws-mail@2.9.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@2.9.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2007-1558"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnad-adwn-eqaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207779?format=json","vulnerability_id":"VCID-raf7-67nx-3fe4","summary":"In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16094","reference_id":"","reference_type":"","scores":[{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65604","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00482","scoring_system":"epss","scoring_elements":"0.65702","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-16094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16094"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966630","reference_id":"966630","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966630"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34970?format=json","purl":"pkg:deb/debian/claws-mail@3.17.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2020-16094"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-raf7-67nx-3fe4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/182122?format=json","vulnerability_id":"VCID-ymdf-f6ee-37ex","summary":"Claws Mail uses temporary files in an insecure manner, allowing for a\n    symlink attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6208","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22583","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22778","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6208"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6208","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6208"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089","reference_id":"454089","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454089"},{"reference_url":"https://security.gentoo.org/glsa/200801-03","reference_id":"GLSA-200801-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200801-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34953?format=json","purl":"pkg:deb/debian/claws-mail@3.1.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.1.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2007-6208"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ymdf-f6ee-37ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/202450?format=json","vulnerability_id":"VCID-z3wd-apsy-7udq","summary":"The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4507","reference_id":"","reference_type":"","scores":[{"value":"0.01238","scoring_system":"epss","scoring_elements":"0.79645","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01238","scoring_system":"epss","scoring_elements":"0.79711","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4507"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4507","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4507"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690151","reference_id":"690151","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690151"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34958?format=json","purl":"pkg:deb/debian/claws-mail@3.8.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.8.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34949?format=json","purl":"pkg:deb/debian/claws-mail@3.17.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-dard-gp3k-dfb5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@3.17.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34945?format=json","purl":"pkg:deb/debian/claws-mail@4.1.1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.1.1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34951?format=json","purl":"pkg:deb/debian/claws-mail@4.3.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.3.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/34950?format=json","purl":"pkg:deb/debian/claws-mail@4.4.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}],"aliases":["CVE-2012-4507"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z3wd-apsy-7udq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/claws-mail@4.4.0-1%3Fdistro=trixie"}