Search for packages
| purl | pkg:deb/debian/enigmail@2:2.2.4-0.3?distro=bullseye |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1t5g-b5jt-8yft | security update |
CVE-2017-17847
|
| VCID-74uy-aghm-bkhd | Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. |
CVE-2007-1264
|
| VCID-7535-appn-5fhm | security update |
CVE-2017-17844
|
| VCID-9cm4-mu3q-2yey | security update |
CVE-2018-12020
|
| VCID-bz74-1y1q-8qfc | The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. |
CVE-2018-12019
|
| VCID-c5zg-brhd-4ygg | OpenPGP: CFB gadget attacks allows to exfiltrate plaintext out of encrypted emails |
CVE-2017-17688
|
| VCID-g4s8-7k7n-c3an | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. |
CVE-2019-12269
|
| VCID-gqrn-ek3y-hbg1 | security update |
CVE-2017-17848
|
| VCID-mmdw-63mg-2uhm | In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. |
CVE-2019-14664
|
| VCID-sg6f-tksc-d3f5 | The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. |
CVE-2005-3256
|
| VCID-tqpx-hedp-dfcb | Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. |
CVE-2018-15586
|
| VCID-ux6a-2384-suf9 | security update |
CVE-2017-17846
|
| VCID-x8dz-d9af-fyg2 | security update |
CVE-2017-17845
|
| VCID-xbab-79ux-t3bn | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2014-5369
|
| VCID-yh48-k15t-gqcu | The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. |
CVE-2006-5877
|
| VCID-zm59-us92-2bh1 | security update |
CVE-2017-17843
|