This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Sylpheed
First view: 2005-03-07
Product: Sylpheed
Last view: 2007-03-06
Version: 0.9.12
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:sylpheed:sylpheed

Activity : Overall

Related : CVE

  Date Alert Description
5 2007-03-06 CVE-2007-1267

Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

2.6 2006-06-08 CVE-2006-2920

Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and make it easier to conduct phishing attacks via a URI that begins with a space character.

5.1 2005-11-20 CVE-2005-3354

Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines.

5.1 2005-05-02 CVE-2005-0926

Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.

5.1 2005-03-07 CVE-2005-0667

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
50% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
33502 Multiple Mail Client --status-fd GnuPG Invocation Spoofed Content Weakness
26229 Sylpheed Unspecified URI Check Bypass
20675 Sylpheed Address Book LDIF Import Overflow
15125 Sylpheed MIME-encoded Attachment Filename Overflow
14570 Sylpheed Message Header Processing Overflow

OpenVAS Exploits

id Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200503-26 (sylpheed sylpheed-claws)
File : nvt/glsa_200503_26.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200511-13 (sylpheed sylpheed-claws)
File : nvt/glsa_200511_13.nasl
2008-09-04 Name : FreeBSD Ports: sylpheed, sylpheed-claws, sylpheed-gtk2
File : nvt/freebsd_sylpheed.nasl
2008-09-04 Name : FreeBSD Ports: sylpheed, sylpheed-gtk2, sylpheed-claws
File : nvt/freebsd_sylpheed0.nasl
2008-01-17 Name : Debian Security Advisory DSA 906-1 (sylpheed)
File : nvt/deb_906_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 908-1 (sylpheed-claws)
File : nvt/deb_908_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 924-1 (nbd)
File : nvt/deb_924_1.nasl

Nessus® Vulnerability Scanner

id Description
2007-11-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-432-1.nasl - Type: ACT_GATHER_INFO
2007-03-12 Name: The remote Mandrake Linux host is missing one or more security updates.
File: mandrake_MDKSA-2007-059.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-906.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-908.nasl - Type: ACT_GATHER_INFO
2006-01-21 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-237-1.nasl - Type: ACT_GATHER_INFO
2006-01-21 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-238-1.nasl - Type: ACT_GATHER_INFO
2005-11-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200511-13.nasl - Type: ACT_GATHER_INFO
2005-11-15 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-1063.nasl - Type: ACT_GATHER_INFO
2005-09-12 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-211.nasl - Type: ACT_GATHER_INFO
2005-08-01 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_b1e8c81001d011dabc080001020eed82.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_f85361439bc411d9b8b3000a95bc6fae.nasl - Type: ACT_GATHER_INFO
2005-05-19 Name: The remote Fedora Core host is missing a security update.
File: fedora_2005-224.nasl - Type: ACT_GATHER_INFO
2005-03-21 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-200503-26.nasl - Type: ACT_GATHER_INFO
2005-03-18 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2005-303.nasl - Type: ACT_GATHER_INFO