Skip to main content

Enigmail

10 CVEs product

Monthly

CVE-2019-14664 MEDIUM POC This Month

In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enigmail Fedora
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2019-12269 HIGH POC This Week

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-12019 HIGH POC This Week

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-17848 HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail Debian Linux
NVD GitHub
CVSS 3.0
7.5
EPSS
0.9%
CVE-2017-17847 HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-17846 HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Enigmail Debian Linux
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2017-17845 HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
CVSS 3.0
7.3
EPSS
0.5%
CVE-2017-17844 MEDIUM This Month

An issue was discovered in Enigmail before 1.9.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2017-17843 MEDIUM This Month

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
CVSS 3.0
5.9
EPSS
0.2%
CVE-2014-5369 MEDIUM POC PATCH This Month

Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Enigmail
NVD
CVSS 2.0
4.3
EPSS
0.6%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Enigmail Fedora
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Enigmail
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Enigmail +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Enigmail Debian Linux
NVD
EPSS 1% CVSS 7.3
HIGH This Week

An issue was discovered in Enigmail before 1.9.9. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue was discovered in Enigmail before 1.9.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue was discovered in Enigmail before 1.9.9 that allows remote attackers to trigger use of an intended public key for encryption, because incorrect regular expressions are used for extraction of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Enigmail Debian Linux
NVD
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Enigmail
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy