CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2014-5369 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-5369
08 Sep 2014 — Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. Enigmail 1.7.x anterior a 1.7.2 envía emails en texto claro cuando la codificación está habilitada y solamente los recipientes BCC están especificados, lo que permite a atacantes remotos obtener información sensible mediante la captura del trafico de la red. Multiple vulnerabilities have been found in Mo... • http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 2CVE-2007-1264 – KMail 1.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1264
06 Mar 2007 — Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Enigmail 0.94.2 y anteriores no usa adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Enigmail no pueda distinguir entre trozos firmados y no firmados de mensajes Open... • https://www.exploit-db.com/exploits/29690 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2006-5877
https://notcve.org/view.php?id=CVE-2006-5877
23 Feb 2007 — The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. La extensión enigmail anterior 0.94.2 no maneja adecuadamente los ficheros adjuntos encriptados al e-mail, lo cual permite a atacantes remotos provocar denegación de servicio (caida), como se demostró con Mozilla Thunderbird. • http://bugzilla.mozdev.org/show_bug.cgi?id=9730 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3256
https://notcve.org/view.php?id=CVE-2005-3256
18 Oct 2005 — The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. • http://www.cert.dfn.de/infoserv/dsb/dsb-2005-01.html •