Mail

DATE	CVE	VULNERABILITY TITLE	RISK
2018-05-16	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network 9folders apple bloop emclient flipdogsolutions freron gnome google horde ibm kde microsoft mozilla postbox-inc r2mail2 ritlabs	4.3
2018-05-16	CVE-2017-17688	The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde flipdogsolutions r2mail2 apple bloop freron mozilla emclient postbox-inc roundcube	5.9
2010-10-08	CVE-2010-3887	Permissions, Privileges, and Access Controls vulnerability in Apple Mail The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. network apple CWE-264	4.3
2008-10-08	CVE-2008-4491	Information Exposure vulnerability in Apple Mail 3.5 Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. network low complexity apple CWE-200	5.0
2008-02-12	CVE-2008-0039	Code Injection vulnerability in Apple Mail Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. network apple CWE-94	6.8
2005-08-19	CVE-2005-2512	Unspecified vulnerability in Apple mac OS X and Mail Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. local low complexity apple	2.1
2005-05-11	CVE-2005-1505	The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. network low complexity apple	7.5