VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Enigmail
> Medium
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2019-08-05
CVE-2019-14664
Cleartext Transmission of Sensitive Information vulnerability in multiple products
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email.
network
low complexity
enigmail
fedoraproject
CWE-319
6.5
6.5
2019-02-11
CVE-2018-15586
Improper Verification of Cryptographic Signature vulnerability in Enigmail
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
network
low complexity
enigmail
CWE-347
6.5
6.5
2017-12-27
CVE-2017-17844
Cleartext Transmission of Sensitive Information vulnerability in multiple products
An issue was discovered in Enigmail before 1.9.9.
network
low complexity
enigmail
debian
CWE-319
6.5
6.5
2017-12-27
CVE-2017-17843
An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Full Name field and a homograph attack, aka TBE-01-002.
network
high complexity
enigmail
debian
5.9
5.9