CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 2CVE-2007-1264 – KMail 1.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1264
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Enigmail 0.94.2 y anteriores no usa adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Enigmail no pueda distinguir entre trozos firmados y no firmados de mensajes OpenPGP con múltiples componentes, lo cual permite a atacantes remotos falsificar el contenido de un mensaje sin ser detectados. • https://www.exploit-db.com/exploits/29690 http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://secunia.com/advisories/24416 http://securityreason.com/securityalert/2353 http://www.coresecurity.com/?action=item&id=1687 http://www.securityfocus.com/archive/1/461958/100/0/threaded http://www.securityfocus.com/archive/1/461958/30/7710/threaded http://www.securityfocus.com/bid/22758 http://www.securitytracker.com/id?1017727 http://www.vupen.com/english/ad •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5877
https://notcve.org/view.php?id=CVE-2006-5877
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. La extensión enigmail anterior 0.94.2 no maneja adecuadamente los ficheros adjuntos encriptados al e-mail, lo cual permite a atacantes remotos provocar denegación de servicio (caida), como se demostró con Mozilla Thunderbird. • http://bugzilla.mozdev.org/show_bug.cgi?id=9730 http://enigmail.mozdev.org/changelog.html#enig0.94.2 http://www.securityfocus.com/bid/22684 http://www.ubuntu.com/usn/usn-427-1 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2005-3256
https://notcve.org/view.php?id=CVE-2005-3256
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. • http://www.cert.dfn.de/infoserv/dsb/dsb-2005-01.html http://www.debian.org/security/2005/dsa-889 http://www.kb.cert.org/vuls/id/805121 http://www.mandriva.com/security/advisories?name=MDKSA-2005:226 http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15155 http://www.vupen.com/english/advisories/2005/2158 https://usn.ubuntu.com/211-1 •