Vulmon
enigmail enigmail vulnerabilities and exploits
NA
CVE-2014-5369
Enigmail 1.7.x prior to 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote malicious users to obtain sensitive information by sniffing the network.
Enigmail Enigmail 1.7.2
Enigmail Enigmail 1.7
1 Article
6.5
CVSSv3
CVE-2018-15586
Enigmail prior to 2.0.6 is prone to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email.
Enigmail Enigmail
7.5
CVSSv3
CVE-2019-12269
Enigmail prior to 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
Enigmail Enigmail
NA
CVE-2005-3256
The key selection dialogue in Enigmail prior to 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message.
Enigmail Enigmail
NA
CVE-2006-5877
The enigmail extension prior to 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote malicious users to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
Enigmail Enigmail
7.5
CVSSv3
CVE-2018-12019
The signature verification routine in Enigmail prior to 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote malicious users to spoof arbitrary email signatures via public keys containing ...
Enigmail Enigmail
NA
CVE-2007-1264
Enigmail 0.94.2 and previous versions do not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to...
Enigmail Enigmail
1 EDB exploit
7.5
CVSSv3
CVE-2017-17847
An issue exists in Enigmail prior to 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with a...
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.3
CVSSv3
CVE-2017-17845
An issue exists in Enigmail prior to 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0
7.5
CVSSv3
CVE-2017-17846
An issue exists in Enigmail prior to 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
Enigmail Enigmail
Debian Debian Linux 8.0
Debian Debian Linux 9.0