Search for packages
| purl | pkg:deb/debian/enigmail@2:1.0.1-5 |
| Next non-vulnerable version | 2:2.2.4-0.2~deb10u1 |
| Latest non-vulnerable version | 2:2.2.4-0.2~deb10u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1t5g-b5jt-8yft
Aliases: CVE-2017-17847 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-7535-appn-5fhm
Aliases: CVE-2017-17844 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9cm4-mu3q-2yey
Aliases: CVE-2018-12020 |
security update |
Affected by 0 other vulnerabilities. |
|
VCID-bz74-1y1q-8qfc
Aliases: CVE-2018-12019 |
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. |
Affected by 0 other vulnerabilities. |
|
VCID-c5zg-brhd-4ygg
Aliases: CVE-2017-17688 |
OpenPGP: CFB gadget attacks allows to exfiltrate plaintext out of encrypted emails |
Affected by 0 other vulnerabilities. |
|
VCID-f212-18j2-rych
Aliases: DSA-3921-1 enigmail |
update |
Affected by 12 other vulnerabilities. |
|
VCID-g4s8-7k7n-c3an
Aliases: CVE-2019-12269 |
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. |
Affected by 0 other vulnerabilities. |
|
VCID-gqrn-ek3y-hbg1
Aliases: CVE-2017-17848 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-mmdw-63mg-2uhm
Aliases: CVE-2019-14664 |
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. |
Affected by 0 other vulnerabilities. |
|
VCID-tqpx-hedp-dfcb
Aliases: CVE-2018-15586 |
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. |
Affected by 0 other vulnerabilities. |
|
VCID-ux6a-2384-suf9
Aliases: CVE-2017-17846 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-x8dz-d9af-fyg2
Aliases: CVE-2017-17845 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-xbab-79ux-t3bn
Aliases: CVE-2014-5369 |
Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. |
Affected by 13 other vulnerabilities. |
|
VCID-zm59-us92-2bh1
Aliases: CVE-2017-17843 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||