Vulmon
enigmail enigmail vulnerabilities and exploits
NA
CVE-2014-5369
Enigmail 1.7.x prior to 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote malicious users to obtain sensitive information by sniffing the network.
Enigmail Enigmail 1.7.2
Enigmail Enigmail 1.7
1 Article
6.5
CVSSv3
CVE-2018-15586
Enigmail prior to 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Enigmail Enigmail
NA
CVE-2006-5877
The enigmail extension prior to 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote malicious users to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
Enigmail Enigmail
7.5
CVSSv3
CVE-2018-12019
The signature verification routine in Enigmail prior to 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote malicious users to spoof arbitrary email signatures via public keys containing ...
Enigmail Enigmail
NA
CVE-2005-3256
The key selection dialogue in Enigmail prior to 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
Enigmail Enigmail
NA
CVE-2007-1264
Enigmail 0.94.2 and previous versions do not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to...
Enigmail Enigmail
1 EDB exploit
7.5
CVSSv3
CVE-2019-12269
Enigmail prior to 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
Enigmail Enigmail
5.9
CVSSv3
CVE-2017-17843
An issue exists in Enigmail prior to 1.9.9 that allows remote malicious users to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of an e-mail address from a comma-separated list, as demonstrated by a modified Ful...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2017-17844
An issue exists in Enigmail prior to 1.9.9. A remote attacker can obtain cleartext content by sending an encrypted data block (that the attacker cannot directly decrypt) to a victim, and relying on the victim to automatically decrypt that block and then send it back to the attack...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.3
CVSSv3
CVE-2017-17845
An issue exists in Enigmail prior to 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0