Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enigmail enigmail vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2014-5369
Enigmail 1.7.x prior to 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote malicious users to obtain sensitive information by sniffing the network.
Enigmail Enigmail 1.7.2
Enigmail Enigmail 1.7
1 Article
445
VMScore
CVE-2018-12019
The signature verification routine in Enigmail prior to 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote malicious users to spoof arbitrary email signatures via public keys containing ...
Enigmail Enigmail
505
VMScore
CVE-2007-1264
Enigmail 0.94.2 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to...
Enigmail Enigmail
1 EDB exploit
445
VMScore
CVE-2019-12269
Enigmail prior to 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
Enigmail Enigmail
383
VMScore
CVE-2018-15586
Enigmail prior to 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Enigmail Enigmail
694
VMScore
CVE-2006-5877
The enigmail extension prior to 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote malicious users to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
Enigmail Enigmail
445
VMScore
CVE-2005-3256
The key selection dialogue in Enigmail prior to 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
Enigmail Enigmail
383
VMScore
CVE-2017-17843
An issue exists in Enigmail prior to 1.9.9 that allows remote malicious users to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Ful...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
383
VMScore
CVE-2017-17844
An issue exists in Enigmail prior to 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attack...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
445
VMScore
CVE-2017-17846
An issue exists in Enigmail prior to 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »