Search for packages
| purl | pkg:deb/debian/enigmail@2:0.94.2-1 |
| Next non-vulnerable version | 2:2.2.4-0.2~deb10u1 |
| Latest non-vulnerable version | 2:2.2.4-0.2~deb10u1 |
| Risk | 9.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1t5g-b5jt-8yft
Aliases: CVE-2017-17847 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-74uy-aghm-bkhd
Aliases: CVE-2007-1264 |
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. |
Affected by 14 other vulnerabilities. |
|
VCID-7535-appn-5fhm
Aliases: CVE-2017-17844 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9cm4-mu3q-2yey
Aliases: CVE-2018-12020 |
security update |
Affected by 0 other vulnerabilities. |
|
VCID-bz74-1y1q-8qfc
Aliases: CVE-2018-12019 |
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. |
Affected by 0 other vulnerabilities. |
|
VCID-c5zg-brhd-4ygg
Aliases: CVE-2017-17688 |
OpenPGP: CFB gadget attacks allows to exfiltrate plaintext out of encrypted emails |
Affected by 0 other vulnerabilities. |
|
VCID-f212-18j2-rych
Aliases: DSA-3921-1 enigmail |
update |
Affected by 12 other vulnerabilities. |
|
VCID-g4s8-7k7n-c3an
Aliases: CVE-2019-12269 |
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. |
Affected by 0 other vulnerabilities. |
|
VCID-gqrn-ek3y-hbg1
Aliases: CVE-2017-17848 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mmdw-63mg-2uhm
Aliases: CVE-2019-14664 |
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. |
Affected by 0 other vulnerabilities. |
|
VCID-tqpx-hedp-dfcb
Aliases: CVE-2018-15586 |
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. |
Affected by 0 other vulnerabilities. |
|
VCID-ux6a-2384-suf9
Aliases: CVE-2017-17846 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-x8dz-d9af-fyg2
Aliases: CVE-2017-17845 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-xbab-79ux-t3bn
Aliases: CVE-2014-5369 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. |
Affected by 13 other vulnerabilities. |
|
VCID-zm59-us92-2bh1
Aliases: CVE-2017-17843 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-sg6f-tksc-d3f5 | The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. |
CVE-2005-3256
|
| VCID-yh48-k15t-gqcu | The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. |
CVE-2006-5877
|