Sylpheed Project Sylpheed vulnerabilities

CVE-2021-37746 [MEDIUM] CWE-601 CVE-2021-37746: textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, d textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.

CVE-2017-17517 [HIGH] CWE-74 CVE-2017-17517: libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program spec libsylph/utils.c in Sylpheed through 3.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.