Search for packages
| purl | pkg:deb/debian/enigmail@2:1.8.2-4~deb7u1 |
| Next non-vulnerable version | 2:2.2.4-0.2~deb10u1 |
| Latest non-vulnerable version | 2:2.2.4-0.2~deb10u1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1zm7-heez-fues
Aliases: CVE-2017-17848 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-29gr-h2my-rqcs
Aliases: CVE-2017-17688 |
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification |
Affected by 0 other vulnerabilities. |
|
VCID-c4zg-arzg-2uee
Aliases: CVE-2017-17847 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-enr2-xbuh-yudn
Aliases: CVE-2019-12269 |
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. |
Affected by 0 other vulnerabilities. |
|
VCID-h27q-8sx3-pkd1
Aliases: CVE-2018-15586 |
Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. |
Affected by 0 other vulnerabilities. |
|
VCID-hmzv-g2e8-73dt
Aliases: CVE-2018-12019 |
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. |
Affected by 0 other vulnerabilities. |
|
VCID-kmns-wkwy-s7f5
Aliases: DSA-3921-1 enigmail |
update |
Affected by 12 other vulnerabilities. |
|
VCID-kpkz-859c-hqbw
Aliases: CVE-2017-17846 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-p6xn-vjxt-3qcu
Aliases: CVE-2018-12020 |
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes. |
Affected by 0 other vulnerabilities. |
|
VCID-pk9q-8186-33b4
Aliases: CVE-2019-14664 |
In Enigmail below 2.1, an attacker in possession of PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, he unknowingly leaks the plaintext of the encrypted message part(s) back to the attacker. This attack variant bypasses protection mechanisms implemented after the "EFAIL" attacks. |
Affected by 0 other vulnerabilities. |
|
VCID-t4h3-9hhv-ukaf
Aliases: CVE-2017-17844 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-urr8-t2pw-x3dp
Aliases: CVE-2017-17845 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-uty6-cyt1-47e1
Aliases: CVE-2017-17843 |
security update |
Affected by 12 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||