Vulnerabilities > Enigmail > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-21 | CVE-2019-12269 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | 7.5 |
| 2018-06-13 | CVE-2018-12019 | Improper Verification of Cryptographic Signature vulnerability in Enigmail The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 7.5 |
| 2017-12-27 | CVE-2017-17848 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17847 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17846 | Improper Input Validation vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.5 |
| 2017-12-27 | CVE-2017-17845 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products An issue was discovered in Enigmail before 1.9.9. | 7.3 |