Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-1264 | 1 Enigmail | 1 Enigmail | 2018-10-16 | 5.0 MEDIUM | N/A |
| Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. | |||||
| CVE-2005-3256 | 1 Enigmail | 1 Enigmail | 2018-10-03 | 5.0 MEDIUM | N/A |
| The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. | |||||
| CVE-2014-5369 | 1 Enigmail | 1 Enigmail | 2016-12-22 | 4.3 MEDIUM | N/A |
| Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2006-5877 | 2 Enigmail, Ubuntu | 2 Enigmail, Ubuntu Linux | 2008-11-15 | 7.8 HIGH | N/A |
| The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. | |||||