Vulnerabilities > Enigmail > Enigmail > 2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-05 | CVE-2019-14664 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 6.5 |
| 2019-05-21 | CVE-2019-12269 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | 7.5 |
| 2019-02-11 | CVE-2018-15586 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. | 4.3 |
| 2018-06-13 | CVE-2018-12019 | Improper Verification of Cryptographic Signature vulnerability in Enigmail The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 5.0 |