Vulnerabilities > Enigmail > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-21 | CVE-2019-12269 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | 7.5 |
| 2017-12-27 | CVE-2017-17847 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17846 | Improper Input Validation vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17845 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.3 |
| 2007-02-23 | CVE-2006-5877 | Denial Of Service vulnerability in Enigmail Memory Allocation The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. | 7.8 |