Vulnerabilities > Apple > Mail > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 4.3 |
| 2018-05-16 | CVE-2017-17688 | The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 5.9 |
| 2010-10-08 | CVE-2010-3887 | Permissions, Privileges, and Access Controls vulnerability in Apple Mail The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. | 4.3 |
| 2008-10-08 | CVE-2008-4491 | Information Exposure vulnerability in Apple Mail 3.5 Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | 5.0 |
| 2008-02-12 | CVE-2008-0039 | Code Injection vulnerability in Apple Mail Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | 6.8 |