Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Enigmail Subscribe
Filtered by product Enigmail

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-12269 1 Enigmail 1 Enigmail 2019-06-24 5.0 MEDIUM 7.5 HIGH
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
CVE-2018-12019 1 Enigmail 1 Enigmail 2019-05-16 5.0 MEDIUM 7.5 HIGH
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids.
CVE-2017-17848 2 Debian, Enigmail 2 Debian Linux, Enigmail 2019-05-16 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing message appears to be signed, but the recipient does not see any of the signed text.
CVE-2017-17845 2 Debian, Enigmail 2 Debian Linux, Enigmail 2018-02-04 7.5 HIGH 7.3 HIGH
An issue was discovered in Enigmail before 1.9.9. Improper Random Secret Generation occurs because Math.Random() is used by pretty Easy privacy (pEp), aka TBE-01-001.
CVE-2017-17846 2 Debian, Enigmail 2 Debian Linux, Enigmail 2018-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. Regular expressions are exploitable for Denial of Service, because of attempts to match arbitrarily long strings, aka TBE-01-003.
CVE-2017-17847 2 Debian, Enigmail 2 Debian Linux, Enigmail 2018-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachment that is a signed e-mail message in message/rfc822 format.