Vulnerabilities > Enigmail
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-05 | CVE-2019-14664 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 6.5 |
| 2019-05-21 | CVE-2019-12269 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | 7.5 |
| 2019-02-11 | CVE-2018-15586 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. | 6.5 |
| 2018-06-13 | CVE-2018-12019 | Improper Verification of Cryptographic Signature vulnerability in Enigmail The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 7.5 |
| 2017-12-27 | CVE-2017-17848 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17847 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17846 | Improper Input Validation vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17845 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.3 |
| 2017-12-27 | CVE-2017-17844 | Cleartext Transmission of Sensitive Information vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 6.5 |
| 2017-12-27 | CVE-2017-17843 | An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002. | 5.9 |