rpm package
opensuse/claws-mail&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/claws-mail&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15917 | — | < 4.0.0-2.5 | 4.0.0-2.5 | Jul 23, 2020 | common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. | ||
| CVE-2007-1558 | — | < 4.0.0-2.5 | 4.0.0-2.5 | Apr 16, 2007 | The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1 |
- CVE-2020-15917Jul 23, 2020affected < 4.0.0-2.5fixed 4.0.0-2.5
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled.
- CVE-2007-1558Apr 16, 2007affected < 4.0.0-2.5fixed 4.0.0-2.5
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1