Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bloop airmail - vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-15670
An issue exists in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handl...
Bloop Airmail 3.3.5.9
5
CVSSv2
CVE-2018-15669
An issue exists in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwner...
Bloop Airmail 3 3.5.9
5
CVSSv2
CVE-2018-15668
An issue exists in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix de...
Bloop Airmail 3 3.5.9
4.3
CVSSv2
CVE-2017-17688
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o...
Microsoft Outlook 2007
Horde Horde Imp -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Mozilla Thunderbird -
Emclient Emclient -
Postbox-inc Postbox -
Roundcube Webmail -
1 Github repository
1 Article
5
CVSSv2
CVE-2018-15667
An issue exists in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restrictio...
Airmailapp Airmail 3.3.5.9
4.3
CVSSv2
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Gnome Evolution -
Mozilla Thunderbird -
Ibm Notes -
Emclient Emclient -
Horde Horde Imp -
9folders Nine -
Freron Mailmate -
Kde Kmail -
Ritlabs The Bat -
Microsoft Outlook 2013
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Microsoft Outlook 2010
Microsoft Outlook 2007
Google Gmail -
Kde Trojita -
Postbox-inc Postbox -
Microsoft Outlook 2016
1 Github repository
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started