CVSS: 7.5EPSS: 9%CPEs: 1EXPL: 2CVE-2007-1264 – KMail 1.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1264
06 Mar 2007 — Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Enigmail 0.94.2 y anteriores no usa adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Enigmail no pueda distinguir entre trozos firmados y no firmados de mensajes Open... • https://www.exploit-db.com/exploits/29690 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2006-5877
https://notcve.org/view.php?id=CVE-2006-5877
23 Feb 2007 — The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. La extensión enigmail anterior 0.94.2 no maneja adecuadamente los ficheros adjuntos encriptados al e-mail, lo cual permite a atacantes remotos provocar denegación de servicio (caida), como se demostró con Mozilla Thunderbird. • http://bugzilla.mozdev.org/show_bug.cgi?id=9730 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3256
https://notcve.org/view.php?id=CVE-2005-3256
18 Oct 2005 — The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. • http://www.cert.dfn.de/infoserv/dsb/dsb-2005-01.html •