cpe:2.3:a:sylpheed:sylpheed:0.9.11:*:*:*:*:*:*:*
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Max CVSS
5.0
EPSS Score
4.23%
Published
2007-03-06
Updated
2018-10-16
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
Max CVSS
2.6
EPSS Score
33.36%
Published
2006-06-09
Updated
2018-08-13
Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.
Max CVSS
5.1
EPSS Score
0.17%
Published
2005-11-20
Updated
2017-07-11
Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.
Max CVSS
5.1
EPSS Score
0.40%
Published
2005-05-02
Updated
2008-09-10
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
Max CVSS
5.1
EPSS Score
5.50%
Published
2005-03-07
Updated
2008-09-05
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!