Vulnerabilities > Enigmail

DATE CVE VULNERABILITY TITLE RISK
2019-08-05 CVE-2019-14664 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email.
network
low complexity
enigmail fedoraproject CWE-319
6.5
2019-05-21 CVE-2019-12269 Improper Verification of Cryptographic Signature vulnerability in Enigmail
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
network
low complexity
enigmail CWE-347
7.5
2019-02-11 CVE-2018-15586 Improper Verification of Cryptographic Signature vulnerability in Enigmail
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
network
enigmail CWE-347
4.3
2018-06-13 CVE-2018-12019 Improper Verification of Cryptographic Signature vulnerability in Enigmail
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
network
low complexity
enigmail CWE-347
5.0
2017-12-27 CVE-2017-17848 Improper Verification of Cryptographic Signature vulnerability in multiple products
An issue was discovered in Enigmail before 1.9.9.
network
low complexity
enigmail debian CWE-347
5.0
2017-12-27 CVE-2017-17847 Improper Verification of Cryptographic Signature vulnerability in multiple products
An issue was discovered in Enigmail before 1.9.9.
network
low complexity
enigmail debian CWE-347
7.5
2017-12-27 CVE-2017-17846 Improper Input Validation vulnerability in multiple products
An issue was discovered in Enigmail before 1.9.9.
network
low complexity
enigmail debian CWE-20
7.5
2017-12-27 CVE-2017-17845 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
An issue was discovered in Enigmail before 1.9.9.
network
low complexity
enigmail debian CWE-338
7.3
2017-12-27 CVE-2017-17844 Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Enigmail before 1.9.9.
network
low complexity
enigmail debian CWE-319
6.5
2017-12-27 CVE-2017-17843 An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.
network
high complexity
enigmail debian
5.9