Vulnerabilites related to Sylpheed - Sylpheed
CVE-2007-1267 (GCVE-0-2007-1267)
Vulnerability from cvelistv5
Published
2007-03-06 20:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
References
| ► | URL | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:35.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
},
{
"name": "2353",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2353"
},
{
"name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
},
{
"name": "22777",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22777"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=1687"
},
{
"name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
},
{
"name": "24414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24414"
},
{
"name": "1017727",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017727"
},
{
"name": "ADV-2007-0835",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0835"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
},
{
"name": "2353",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2353"
},
{
"name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
},
{
"name": "22777",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22777"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=1687"
},
{
"name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
},
{
"name": "24414",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24414"
},
{
"name": "1017727",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017727"
},
{
"name": "ADV-2007-0835",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0835"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[gnupg-users] 20070306 [Announce] Multiple Messages Problem in GnuPG and GPGME",
"refsource": "MLIST",
"url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
},
{
"name": "2353",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2353"
},
{
"name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
},
{
"name": "22777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22777"
},
{
"name": "http://www.coresecurity.com/?action=item\u0026id=1687",
"refsource": "MISC",
"url": "http://www.coresecurity.com/?action=item\u0026id=1687"
},
{
"name": "20070305 CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
},
{
"name": "24414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24414"
},
{
"name": "1017727",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017727"
},
{
"name": "ADV-2007-0835",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0835"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1267",
"datePublished": "2007-03-06T20:00:00",
"dateReserved": "2007-03-04T00:00:00",
"dateUpdated": "2024-08-07T12:50:35.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3354 (GCVE-0-2005-3354)
Vulnerability from cvelistv5
Published
2005-11-20 21:00
Modified
2024-08-07 23:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:07.772Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "DSA-906",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-906"
},
{
"name": "15363",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15363"
},
{
"name": "17492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17492"
},
{
"name": "17831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17831/"
},
{
"name": "GLSA-200511-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sylpheed.good-day.net/en/news.html"
},
{
"name": "ADV-2005-2360",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2360"
},
{
"name": "17678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17678"
},
{
"name": "FEDORA-2005-1063",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.xatrix.org/advisory.php?s=7282"
},
{
"name": "17540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17540/"
},
{
"name": "sylpheed-ldif-dos(23028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23028"
},
{
"name": "17525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17525/"
},
{
"name": "20675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/20675"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "SUSE-SR:2005:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "DSA-906",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-906"
},
{
"name": "15363",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15363"
},
{
"name": "17492",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17492"
},
{
"name": "17831",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17831/"
},
{
"name": "GLSA-200511-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sylpheed.good-day.net/en/news.html"
},
{
"name": "ADV-2005-2360",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2360"
},
{
"name": "17678",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17678"
},
{
"name": "FEDORA-2005-1063",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.xatrix.org/advisory.php?s=7282"
},
{
"name": "17540",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17540/"
},
{
"name": "sylpheed-ldif-dos(23028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23028"
},
{
"name": "17525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17525/"
},
{
"name": "20675",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/20675"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-3354",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "DSA-906",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-906"
},
{
"name": "15363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15363"
},
{
"name": "17492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17492"
},
{
"name": "17831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17831/"
},
{
"name": "GLSA-200511-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml"
},
{
"name": "http://sylpheed.good-day.net/en/news.html",
"refsource": "CONFIRM",
"url": "http://sylpheed.good-day.net/en/news.html"
},
{
"name": "ADV-2005-2360",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2360"
},
{
"name": "17678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17678"
},
{
"name": "FEDORA-2005-1063",
"refsource": "FEDORA",
"url": "http://www.xatrix.org/advisory.php?s=7282"
},
{
"name": "17540",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17540/"
},
{
"name": "sylpheed-ldif-dos(23028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23028"
},
{
"name": "17525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17525/"
},
{
"name": "20675",
"refsource": "OSVDB",
"url": "http://osvdb.org/20675"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-3354",
"datePublished": "2005-11-20T21:00:00",
"dateReserved": "2005-10-27T00:00:00",
"dateUpdated": "2024-08-07T23:10:07.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2958 (GCVE-0-2007-2958)
Vulnerability from cvelistv5
Published
2007-08-27 17:00
Modified
2024-08-07 13:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26550"
},
{
"name": "ADV-2007-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2971"
},
{
"name": "26610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26610"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2007-70/advisory/"
},
{
"name": "40184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/40184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=254121"
},
{
"name": "27229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27229"
},
{
"name": "27379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27379"
},
{
"name": "sylpheed-incputerror-format-string(36238)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36238"
},
{
"name": "FEDORA-2007-2009",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html"
},
{
"name": "GLSA-200710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-29.xml"
},
{
"name": "25430",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25430"
},
{
"name": "SUSE-SR:2007:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=190104"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "26550",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26550"
},
{
"name": "ADV-2007-2971",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2971"
},
{
"name": "26610",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26610"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2007-70/advisory/"
},
{
"name": "40184",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/40184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=254121"
},
{
"name": "27229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27229"
},
{
"name": "27379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27379"
},
{
"name": "sylpheed-incputerror-format-string(36238)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36238"
},
{
"name": "FEDORA-2007-2009",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html"
},
{
"name": "GLSA-200710-29",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200710-29.xml"
},
{
"name": "25430",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25430"
},
{
"name": "SUSE-SR:2007:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=190104"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2007-2958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26550"
},
{
"name": "ADV-2007-2971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2971"
},
{
"name": "26610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26610"
},
{
"name": "http://secunia.com/secunia_research/2007-70/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2007-70/advisory/"
},
{
"name": "40184",
"refsource": "OSVDB",
"url": "http://osvdb.org/40184"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=254121",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=254121"
},
{
"name": "27229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27229"
},
{
"name": "27379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27379"
},
{
"name": "sylpheed-incputerror-format-string(36238)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36238"
},
{
"name": "FEDORA-2007-2009",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html"
},
{
"name": "GLSA-200710-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200710-29.xml"
},
{
"name": "25430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25430"
},
{
"name": "SUSE-SR:2007:020",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=190104",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=190104"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2007-2958",
"datePublished": "2007-08-27T17:00:00",
"dateReserved": "2007-05-31T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0926 (GCVE-0-2005-0926)
Vulnerability from cvelistv5
Published
2005-03-29 05:00
Modified
2024-08-07 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:28:29.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sylpheed.good-day.net/changelog.html.en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-15T16:40:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sylpheed.good-day.net/changelog.html.en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sylpheed.good-day.net/changelog.html.en",
"refsource": "CONFIRM",
"url": "http://sylpheed.good-day.net/changelog.html.en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0926",
"datePublished": "2005-03-29T05:00:00",
"dateReserved": "2005-03-29T00:00:00",
"dateUpdated": "2024-08-07T21:28:29.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2920 (GCVE-0-2006-2920)
Vulnerability from cvelistv5
Published
2006-06-09 01:00
Modified
2024-08-07 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:06:27.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2283",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2283"
},
{
"name": "20577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20577"
},
{
"name": "sylpheed-claws-utils-textview-security-bypass(27089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=422662\u0026group_id=25528"
},
{
"name": "ADV-2006-2173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2173"
},
{
"name": "20476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20476"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sylpheed.good-day.net/en/news.html%5C"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2283",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2283"
},
{
"name": "20577",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20577"
},
{
"name": "sylpheed-claws-utils-textview-security-bypass(27089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=422662\u0026group_id=25528"
},
{
"name": "ADV-2006-2173",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2173"
},
{
"name": "20476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20476"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sylpheed.good-day.net/en/news.html%5C"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2283",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2283"
},
{
"name": "20577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20577"
},
{
"name": "sylpheed-claws-utils-textview-security-bypass(27089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=422662\u0026group_id=25528",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=422662\u0026group_id=25528"
},
{
"name": "ADV-2006-2173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2173"
},
{
"name": "20476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20476"
},
{
"name": "http://sylpheed.good-day.net/en/news.html\\",
"refsource": "CONFIRM",
"url": "http://sylpheed.good-day.net/en/news.html\\"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2920",
"datePublished": "2006-06-09T01:00:00",
"dateReserved": "2006-06-08T00:00:00",
"dateUpdated": "2024-08-07T18:06:27.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-0852 (GCVE-0-2003-0852)
Vulnerability from cvelistv5
Published
2003-10-25 04:00
Modified
2024-08-08 02:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:05:12.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sylpheed.good-day.net/#changes"
},
{
"name": "8877",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8877"
},
{
"name": "20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.guninski.com/sylph.html"
},
{
"name": "sylpheed-smtp-format-string(13508)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13508"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-10-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sylpheed.good-day.net/#changes"
},
{
"name": "8877",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8877"
},
{
"name": "20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.guninski.com/sylph.html"
},
{
"name": "sylpheed-smtp-format-string(13508)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13508"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sylpheed.good-day.net/#changes",
"refsource": "CONFIRM",
"url": "http://sylpheed.good-day.net/#changes"
},
{
"name": "8877",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8877"
},
{
"name": "20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html"
},
{
"name": "http://www.guninski.com/sylph.html",
"refsource": "MISC",
"url": "http://www.guninski.com/sylph.html"
},
{
"name": "sylpheed-smtp-format-string(13508)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13508"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0852",
"datePublished": "2003-10-25T04:00:00",
"dateReserved": "2003-10-10T00:00:00",
"dateUpdated": "2024-08-08T02:05:12.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0667 (GCVE-0-2005-0667)
Vulnerability from cvelistv5
Published
2005-03-07 05:00
Modified
2024-08-07 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:21:06.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sylpheed.good-day.net/changelog-devel.html.en"
},
{
"name": "1013376",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013376"
},
{
"name": "RHSA-2005:303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-303.html"
},
{
"name": "GLSA-200503-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sylpheed.good-day.net/changelog.html.en"
},
{
"name": "14491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/14491"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-21T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sylpheed.good-day.net/changelog-devel.html.en"
},
{
"name": "1013376",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013376"
},
{
"name": "RHSA-2005:303",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-303.html"
},
{
"name": "GLSA-200503-26",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sylpheed.good-day.net/changelog.html.en"
},
{
"name": "14491",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/14491"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sylpheed.good-day.net/changelog-devel.html.en",
"refsource": "CONFIRM",
"url": "http://sylpheed.good-day.net/changelog-devel.html.en"
},
{
"name": "1013376",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013376"
},
{
"name": "RHSA-2005:303",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-303.html"
},
{
"name": "GLSA-200503-26",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml"
},
{
"name": "http://sylpheed.good-day.net/changelog.html.en",
"refsource": "CONFIRM",
"url": "http://sylpheed.good-day.net/changelog.html.en"
},
{
"name": "14491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14491"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0667",
"datePublished": "2005-03-07T05:00:00",
"dateReserved": "2005-03-07T00:00:00",
"dateUpdated": "2024-08-07T21:21:06.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2005-000163
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters
Details
Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000163.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sylpheed does not validate input data properly, which could lead to buffer overflow when it receives a message with the header containing non-ASCII characters.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000163.html",
"sec:cpe": [
{
"#text": "cpe:/a:sylpheed:sylpheed",
"@product": "Sylpheed",
"@vendor": "Sylpheed",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux",
"@product": "Turbolinux",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_desktop",
"@product": "Turbolinux Desktop",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_home",
"@product": "Turbolinux Home",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_workstation",
"@product": "Turbolinux Workstation",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000163",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0667",
"@id": "CVE-2005-0667",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0667",
"@id": "CVE-2005-0667",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/14491/",
"@id": "SA14491",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/12730",
"@id": "12730",
"@source": "BID"
}
],
"title": "Sylpheed Email Header Buffer Overflow Vulnerability with non-ASCII Characters"
}
jvndb-2007-000295
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-08-06 11:39
Summary
APOP password recovery vulnerability
Details
POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.
It is reported that APOP passwords could be recovered by third parties.
In its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.
References
| ► | Type | URL | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| ► | Vendor | Product | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
"dc:date": "2009-08-06T11:39+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2009-08-06T11:39+09:00",
"description": "POP3 is a protocol for receiving email from mail servers. APOP is an authentication mechanism used by the POP3 protocol.\r\n\r\nIt is reported that APOP passwords could be recovered by third parties.\r\n\r\nIn its successful attack, the attacker spoofs itself as the mail server, provides challenge strings to the client, and collects the responses from the client. The attacker should repeat this process for a certain period of time without alerting the user of the attack.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000295.html",
"sec:cpe": [
{
"#text": "cpe:/a:claws_mail:claws_mail",
"@product": "Claws Mail",
"@vendor": "Claws Mail",
"@version": "2.2"
},
{
"#text": "cpe:/a:fetchmail:fetchmail",
"@product": "Fetchmail",
"@vendor": "Fetchmail Project",
"@version": "2.2"
},
{
"#text": "cpe:/a:mozilla:seamonkey",
"@product": "Mozilla SeaMonkey",
"@vendor": "mozilla.org contributors",
"@version": "2.2"
},
{
"#text": "cpe:/a:mozilla:thunderbird",
"@product": "Mozilla Thunderbird",
"@vendor": "mozilla.org contributors",
"@version": "2.2"
},
{
"#text": "cpe:/a:mutt:mutt",
"@product": "Mutt",
"@vendor": "Mutt",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_optional_productivity_applications",
"@product": "RHEL Optional Productivity Applications",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sylpheed:sylpheed",
"@product": "Sylpheed",
"@vendor": "Sylpheed",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_eus",
"@product": "Red Hat Enterprise Linux EUS",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux",
"@product": "Turbolinux",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_desktop",
"@product": "Turbolinux Desktop",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_home",
"@product": "Turbolinux Home",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_wizpy",
"@product": "wizpy",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000295",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA07-151A/index.html",
"@id": "JVNTA07-151A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN19445002/index.html",
"@id": "JVN#19445002",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA07-151A/index.html",
"@id": "TRTA07-151A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558",
"@id": "CVE-2007-1558",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1558",
"@id": "CVE-2007-1558",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA07-151A.html",
"@id": "SA07-151A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA07-151A.html",
"@id": "TA07-151A",
"@source": "CERT-TA"
},
{
"#text": "http://www.securityfocus.com/bid/23257",
"@id": "23257",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1018008",
"@id": "1018008",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1466",
"@id": "FrSIRT/ADV-2007-1466",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1480",
"@id": "FrSIRT/ADV-2007-1480",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1468",
"@id": "FrSIRT/ADV-2007-1468",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1467",
"@id": "FrSIRT/ADV-2007-1467",
"@source": "FRSIRT"
},
{
"#text": "http://www.ietf.org/rfc/rfc1939.txt",
"@id": "RFC1939:Post Office Protocol - Version 3",
"@source": "IETF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "APOP password recovery vulnerability"
}
jvndb-2005-000199
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Sylpheed Filename Buffer Overflow Vulnerability
Details
Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000199.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sylpheed contains a buffer overflow vulnerability exploitable via attachements with MIME-encoded filename.",
"link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000199.html",
"sec:cpe": [
{
"#text": "cpe:/a:sylpheed:sylpheed",
"@product": "Sylpheed",
"@vendor": "Sylpheed",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux",
"@product": "Turbolinux",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_desktop",
"@product": "Turbolinux Desktop",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_home",
"@product": "Turbolinux Home",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_workstation",
"@product": "Turbolinux Workstation",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2005-000199",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0926",
"@id": "CVE-2005-0926",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0926",
"@id": "CVE-2005-0926",
"@source": "NVD"
},
{
"#text": "http://www.securityfocus.com/bid/12934",
"@id": "12934",
"@source": "BID"
}
],
"title": "Sylpheed Filename Buffer Overflow Vulnerability"
}
Vulnerability from fkie_nvd
Published
2005-11-20 21:03
Modified
2025-04-03 01:03
Severity ?
Summary
Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://osvdb.org/20675 | ||
| secalert@redhat.com | http://secunia.com/advisories/17492 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/17525/ | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/17540/ | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/17678 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/17831/ | Vendor Advisory | |
| secalert@redhat.com | http://sylpheed.good-day.net/en/news.html | ||
| secalert@redhat.com | http://www.debian.org/security/2005/dsa-906 | ||
| secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_28_sr.html | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/15363 | ||
| secalert@redhat.com | http://www.vupen.com/english/advisories/2005/2360 | Vendor Advisory | |
| secalert@redhat.com | http://www.xatrix.org/advisory.php?s=7282 | ||
| secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/23028 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/20675 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17492 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17525/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17540/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17678 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17831/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sylpheed.good-day.net/en/news.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2005/dsa-906 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_28_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15363 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2360 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.xatrix.org/advisory.php?s=7282 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/23028 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sylpheed | sylpheed | 0.8.11 | |
| sylpheed | sylpheed | 0.9.4 | |
| sylpheed | sylpheed | 0.9.5 | |
| sylpheed | sylpheed | 0.9.6 | |
| sylpheed | sylpheed | 0.9.7 | |
| sylpheed | sylpheed | 0.9.8 | |
| sylpheed | sylpheed | 0.9.9 | |
| sylpheed | sylpheed | 0.9.10 | |
| sylpheed | sylpheed | 0.9.11 | |
| sylpheed | sylpheed | 0.9.12 | |
| sylpheed | sylpheed | 1.0.0 | |
| sylpheed | sylpheed | 1.0.1 | |
| sylpheed | sylpheed | 1.0.2 | |
| sylpheed | sylpheed | 1.0.3 | |
| sylpheed | sylpheed | 1.0.4 | |
| sylpheed | sylpheed | 2.0 | |
| sylpheed | sylpheed | 2.0.1 | |
| sylpheed | sylpheed | 2.0.2 | |
| sylpheed | sylpheed | 2.0.3 | |
| sylpheed | sylpheed | 2.1 | |
| sylpheed | sylpheed | 2.1.1 | |
| sylpheed | sylpheed | 2.1.2 | |
| sylpheed | sylpheed | 2.1.3 | |
| sylpheed | sylpheed | 2.1.4 | |
| sylpheed | sylpheed | 2.1.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7919D2-ACA7-4BFF-8D86-C63F76C09B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAAF875-EBB8-4B6C-99CD-503AFAD5633B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61E0580E-1F1C-4FF1-80AB-4151CFF6C880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48AA3783-5007-4869-A699-36E1888C16F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49731BBA-CC20-4DA2-9A0B-50E4F3CC0A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49389889-7C64-42FA-A212-6B892C011441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3818AFD5-5667-490A-A6F6-7DC525D56DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0559156E-5339-4344-AE50-ECB5604E9A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F67B0E-24D6-4B37-93B0-177A1F4D7102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CE43A4BB-E5FC-41CF-A4F7-A83FBB3AFD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E81DE243-D5C4-4EF3-B29D-7BBACE42F5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30CA4A62-79A8-4739-A76E-3DA3688C107C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA2A6C-76B4-4323-9AD3-8C30A9013EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2609F068-6A92-483B-A673-4A4F59EC06C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9288C8D-A66C-4D4B-913C-F1284921657E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71D0F0F9-09D2-4789-9BAB-411A91C88631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0931C414-F6FE-4727-8672-AA2D3861E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7898451-CE65-4D65-B466-59C6BD64FDD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FF24D-03E5-4058-857C-3F13204CE5EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46696D01-FB72-4073-9C9F-254A18882454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1238E1-EC16-4990-998E-FC326C354F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39E2AF3A-C7A7-46ED-8713-D35227E52065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AC9051-FD50-4A3B-B101-7D2370B01E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA29C52-E039-4829-AA4A-782A73BFC249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E785E2D1-432D-4D6A-AFB8-953C114DC6C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines."
}
],
"id": "CVE-2005-3354",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-11-20T21:03:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/20675"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17492"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17525/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17540/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17678"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17831/"
},
{
"source": "secalert@redhat.com",
"url": "http://sylpheed.good-day.net/en/news.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2005/dsa-906"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/15363"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2360"
},
{
"source": "secalert@redhat.com",
"url": "http://www.xatrix.org/advisory.php?s=7282"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/20675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17525/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17540/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17831/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sylpheed.good-day.net/en/news.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2005/2360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.xatrix.org/advisory.php?s=7282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23028"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-06-09 01:02
Modified
2025-04-03 01:03
Severity ?
Summary
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/20476 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/20577 | Vendor Advisory | |
| cve@mitre.org | http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528 | Patch | |
| cve@mitre.org | http://sylpheed.good-day.net/en/news.html%5C | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/2173 | Vendor Advisory | |
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/2283 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27089 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20476 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20577 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/project/shownotes.php?release_id=422662&group_id=25528 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sylpheed.good-day.net/en/news.html%5C | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2173 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2283 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27089 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sylpheed | sylpheed | * | |
| sylpheed | sylpheed | 2.0 | |
| sylpheed | sylpheed | 2.0.1 | |
| sylpheed | sylpheed | 2.0.2 | |
| sylpheed | sylpheed | 2.0.3 | |
| sylpheed | sylpheed | 2.1 | |
| sylpheed | sylpheed | 2.1.1 | |
| sylpheed | sylpheed | 2.1.2 | |
| sylpheed | sylpheed | 2.1.3 | |
| sylpheed | sylpheed | 2.1.4 | |
| sylpheed | sylpheed | 2.1.5 | |
| sylpheed-claws | sylpheed-claws | * | |
| sylpheed-claws | sylpheed-claws | 0.9.4 | |
| sylpheed-claws | sylpheed-claws | 0.9.5 | |
| sylpheed-claws | sylpheed-claws | 0.9.6 | |
| sylpheed-claws | sylpheed-claws | 1.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36D20D59-FF31-4B4C-8BAA-4A1DAD1E0704",
"versionEndIncluding": "2.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "71D0F0F9-09D2-4789-9BAB-411A91C88631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0931C414-F6FE-4727-8672-AA2D3861E29E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E7898451-CE65-4D65-B466-59C6BD64FDD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB1FF24D-03E5-4058-857C-3F13204CE5EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "46696D01-FB72-4073-9C9F-254A18882454",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A1238E1-EC16-4990-998E-FC326C354F89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "39E2AF3A-C7A7-46ED-8713-D35227E52065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AC9051-FD50-4A3B-B101-7D2370B01E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DFA29C52-E039-4829-AA4A-782A73BFC249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E785E2D1-432D-4D6A-AFB8-953C114DC6C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26E2C5DE-E793-47EF-ABAE-4C53A9396C81",
"versionEndIncluding": "2.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF47A61-63FA-4695-A6B8-E6252205026E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "941EDB98-28E5-4263-B429-5FD6DAA4A95D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F7290C-E2BE-4A98-A5C1-40A29C76D0C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB139F9D-F308-40B2-9ECA-435216309D3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nSylpheed-Claws, Sylpheed-Claws, 2.2.2",
"id": "CVE-2006-2920",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2006-06-09T01:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20476"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20577"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=422662\u0026group_id=25528"
},
{
"source": "cve@mitre.org",
"url": "http://sylpheed.good-day.net/en/news.html%5C"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2173"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2283"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=422662\u0026group_id=25528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sylpheed.good-day.net/en/news.html%5C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27089"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sylpheed | sylpheed | 0.8.11 | |
| sylpheed | sylpheed | 0.9.4 | |
| sylpheed | sylpheed | 0.9.5 | |
| sylpheed | sylpheed | 0.9.6 | |
| sylpheed | sylpheed | 0.9.7 | |
| sylpheed | sylpheed | 0.9.8 | |
| sylpheed | sylpheed | 0.9.9 | |
| sylpheed | sylpheed | 0.9.10 | |
| sylpheed | sylpheed | 0.9.11 | |
| sylpheed | sylpheed | 0.9.12 | |
| sylpheed | sylpheed | 1.0.0 | |
| sylpheed | sylpheed | 1.0.1 | |
| sylpheed | sylpheed | 1.0.2 | |
| sylpheed | sylpheed | 1.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7919D2-ACA7-4BFF-8D86-C63F76C09B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAAF875-EBB8-4B6C-99CD-503AFAD5633B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61E0580E-1F1C-4FF1-80AB-4151CFF6C880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48AA3783-5007-4869-A699-36E1888C16F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49731BBA-CC20-4DA2-9A0B-50E4F3CC0A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49389889-7C64-42FA-A212-6B892C011441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3818AFD5-5667-490A-A6F6-7DC525D56DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0559156E-5339-4344-AE50-ECB5604E9A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F67B0E-24D6-4B37-93B0-177A1F4D7102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CE43A4BB-E5FC-41CF-A4F7-A83FBB3AFD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E81DE243-D5C4-4EF3-B29D-7BBACE42F5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30CA4A62-79A8-4739-A76E-3DA3688C107C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA2A6C-76B4-4323-9AD3-8C30A9013EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2609F068-6A92-483B-A673-4A4F59EC06C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names."
}
],
"id": "CVE-2005-0926",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sylpheed.good-day.net/changelog.html.en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sylpheed.good-day.net/changelog.html.en"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-27 17:17
Modified
2025-04-09 00:30
Severity ?
Summary
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| PSIRT-CNA@flexerasoftware.com | http://bugs.gentoo.org/show_bug.cgi?id=190104 | ||
| PSIRT-CNA@flexerasoftware.com | http://osvdb.org/40184 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/26550 | Patch, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/26610 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/27229 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/advisories/27379 | ||
| PSIRT-CNA@flexerasoftware.com | http://secunia.com/secunia_research/2007-70/advisory/ | Patch, Vendor Advisory | |
| PSIRT-CNA@flexerasoftware.com | http://security.gentoo.org/glsa/glsa-200710-29.xml | ||
| PSIRT-CNA@flexerasoftware.com | http://www.novell.com/linux/security/advisories/2007_20_sr.html | ||
| PSIRT-CNA@flexerasoftware.com | http://www.securityfocus.com/bid/25430 | ||
| PSIRT-CNA@flexerasoftware.com | http://www.vupen.com/english/advisories/2007/2971 | ||
| PSIRT-CNA@flexerasoftware.com | https://bugzilla.redhat.com/show_bug.cgi?id=254121 | ||
| PSIRT-CNA@flexerasoftware.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/36238 | ||
| PSIRT-CNA@flexerasoftware.com | https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=190104 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40184 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26550 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26610 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27229 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/27379 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/secunia_research/2007-70/advisory/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200710-29.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2007_20_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25430 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2971 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=254121 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36238 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sylpheed | sylpheed | 2.4.4 | |
| sylpheed-claws | sylpheed-claws | 1.9.100 | |
| sylpheed-claws | sylpheed-claws | 2.10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A0B9CA4A-A38F-416E-8932-E12A0EB3F2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.9.100:*:*:*:*:*:*:*",
"matchCriteriaId": "F114852D-4966-424F-883B-3223B2D6CB96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B33723FF-72E4-4CBF-814A-CBFB17BD87AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadena en la funci\u00f3n inc_put_error en src/inc.c en Sylpheed 2.4.4, y Sylpheed-Claws (Claws Mail) 1.9.100 y 2.10.0, permite a servidores POP3 remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de especificaciones de formato de cadena en respuestas manipuladas."
}
],
"id": "CVE-2007-2958",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-08-27T17:17:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=190104"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://osvdb.org/40184"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26550"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/26610"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/27229"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/27379"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-70/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://security.gentoo.org/glsa/glsa-200710-29.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/25430"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2007/2971"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=254121"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36238"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=190104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/40184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26550"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2007-70/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200710-29.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_20_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2971"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=254121"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00077.html"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vendorComments": [
{
"comment": "Not vulnerable. This issue did not affect version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5.\n",
"lastModified": "2007-08-28T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-03-07 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/14491 | Patch, Vendor Advisory | |
| cve@mitre.org | http://securitytracker.com/id?1013376 | Vendor Advisory | |
| cve@mitre.org | http://sylpheed.good-day.net/changelog-devel.html.en | Patch, Vendor Advisory | |
| cve@mitre.org | http://sylpheed.good-day.net/changelog.html.en | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-303.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/14491 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013376 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sylpheed.good-day.net/changelog-devel.html.en | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sylpheed.good-day.net/changelog.html.en | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-303.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sylpheed | sylpheed | 0.8.11 | |
| sylpheed | sylpheed | 0.9.4 | |
| sylpheed | sylpheed | 0.9.5 | |
| sylpheed | sylpheed | 0.9.6 | |
| sylpheed | sylpheed | 0.9.7 | |
| sylpheed | sylpheed | 0.9.8 | |
| sylpheed | sylpheed | 0.9.9 | |
| sylpheed | sylpheed | 0.9.10 | |
| sylpheed | sylpheed | 0.9.11 | |
| sylpheed | sylpheed | 0.9.12 | |
| sylpheed | sylpheed | 0.9.99 | |
| sylpheed | sylpheed | 1.0.0 | |
| sylpheed | sylpheed | 1.0.1 | |
| sylpheed | sylpheed | 1.0.2 | |
| sylpheed-claws | sylpheed-claws | 1.0.2 | |
| altlinux | alt_linux | 2.3 | |
| altlinux | alt_linux | 2.3 | |
| gentoo | linux | * | |
| redhat | enterprise_linux | 2.1 | |
| redhat | enterprise_linux | 2.1 | |
| redhat | enterprise_linux | 2.1 | |
| redhat | enterprise_linux | 2.1 | |
| redhat | enterprise_linux | 2.1 | |
| redhat | enterprise_linux | 2.1 | |
| redhat | fedora_core | core_3.0 | |
| redhat | linux_advanced_workstation | 2.1 | |
| redhat | linux_advanced_workstation | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6E7919D2-ACA7-4BFF-8D86-C63F76C09B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAAF875-EBB8-4B6C-99CD-503AFAD5633B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61E0580E-1F1C-4FF1-80AB-4151CFF6C880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48AA3783-5007-4869-A699-36E1888C16F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "49731BBA-CC20-4DA2-9A0B-50E4F3CC0A0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "49389889-7C64-42FA-A212-6B892C011441",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "3818AFD5-5667-490A-A6F6-7DC525D56DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0559156E-5339-4344-AE50-ECB5604E9A47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F67B0E-24D6-4B37-93B0-177A1F4D7102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CE43A4BB-E5FC-41CF-A4F7-A83FBB3AFD61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.99:*:*:*:*:*:*:*",
"matchCriteriaId": "4560B68F-9247-4057-802F-D15AFDFA10A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E81DE243-D5C4-4EF3-B29D-7BBACE42F5F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30CA4A62-79A8-4739-A76E-3DA3688C107C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DDA2A6C-76B4-4323-9AD3-8C30A9013EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB139F9D-F308-40B2-9ECA-435216309D3D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*",
"matchCriteriaId": "64BE98C2-8EFA-4349-9FE2-D62CA63A16C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*",
"matchCriteriaId": "7D0AC3A3-A37C-4053-B05F-A031877AC811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
"matchCriteriaId": "2641EE56-6F9D-400B-B456-877F4DA79B10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
"matchCriteriaId": "A4A9461E-C117-42EC-9F14-DF2A82BA7C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
"matchCriteriaId": "E0B458EA-495E-40FA-9379-C03757F7B1EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
"matchCriteriaId": "409E324A-C040-494F-A026-9DCAE01C07F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
"matchCriteriaId": "1728AB5D-55A9-46B0-A412-6F7263CAEB5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
"matchCriteriaId": "6474B775-C893-491F-A074-802AFB1FEDD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:fedora_core:core_3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC80CF67-C51D-442C-9526-CFEDE84A6304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "84A50ED3-FD0D-4038-B3E7-CC65D166C968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
"matchCriteriaId": "777F9EC0-2919-45CA-BFF8-78A02537C513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message."
}
],
"id": "CVE-2005-0667",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-03-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14491"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013376"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sylpheed.good-day.net/changelog-devel.html.en"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sylpheed.good-day.net/changelog.html.en"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-303.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/14491"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1013376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sylpheed.good-day.net/changelog-devel.html.en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sylpheed.good-day.net/changelog.html.en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-303.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-03-06 20:19
Modified
2025-04-09 00:30
Severity ?
Summary
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html | ||
| cve@mitre.org | http://secunia.com/advisories/24414 | ||
| cve@mitre.org | http://securityreason.com/securityalert/2353 | ||
| cve@mitre.org | http://www.coresecurity.com/?action=item&id=1687 | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/461958/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/461958/30/7710/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/22777 | ||
| cve@mitre.org | http://www.securitytracker.com/id?1017727 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/0835 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24414 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/2353 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.coresecurity.com/?action=item&id=1687 | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/461958/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/461958/30/7710/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/22777 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017727 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0835 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE098EB5-A7CC-4F64-A4B5-892A7027DCD5",
"versionEndIncluding": "2.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection."
},
{
"lang": "es",
"value": "Sylpheed 2.2.7 y anteriores no utilizan adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Sylpheed no distinga visualmente entre trozos firmados y no firmados de mensajes OpenPGP con m\u00faltiples componentes, lo cual permite a atacantes remotos falsificar el contenido de un mensaje si ser detectado."
}
],
"id": "CVE-2007-1267",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-03-06T20:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24414"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2353"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=1687"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22777"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017727"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24414"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.coresecurity.com/?action=item\u0026id=1687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461958/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/461958/30/7710/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017727"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0835"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-11-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html | ||
| cve@mitre.org | http://sylpheed.good-day.net/#changes | ||
| cve@mitre.org | http://www.guninski.com/sylph.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/8877 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/13508 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://sylpheed.good-day.net/#changes | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.guninski.com/sylph.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/8877 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/13508 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sylpheed | sylpheed | 0.9.4 | |
| sylpheed | sylpheed | 0.9.5 | |
| sylpheed | sylpheed | 0.9.6 | |
| sylpheed-claws | sylpheed-claws | 0.9.4 | |
| sylpheed-claws | sylpheed-claws | 0.9.5 | |
| sylpheed-claws | sylpheed-claws | 0.9.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAAF875-EBB8-4B6C-99CD-503AFAD5633B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61E0580E-1F1C-4FF1-80AB-4151CFF6C880",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "48AA3783-5007-4869-A699-36E1888C16F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2EF47A61-63FA-4695-A6B8-E6252205026E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "941EDB98-28E5-4263-B429-5FD6DAA4A95D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C4F7290C-E2BE-4A98-A5C1-40A29C76D0C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message."
},
{
"lang": "es",
"value": "Vulnerabilidad de cadena de formato en send_message.c de Sylpheed-claws 0.9.4 a 0.9.6a permite a servidores SMTP remotos causar una denegaci\u00f3n (ca\u00edda) en sylpheed mediante cadenas de formato en un mensaje de error."
}
],
"id": "CVE-2003-0852",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html"
},
{
"source": "cve@mitre.org",
"url": "http://sylpheed.good-day.net/#changes"
},
{
"source": "cve@mitre.org",
"url": "http://www.guninski.com/sylph.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8877"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13508"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sylpheed.good-day.net/#changes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.guninski.com/sylph.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13508"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}