CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2014-5369
https://notcve.org/view.php?id=CVE-2014-5369
Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. Enigmail 1.7.x anterior a 1.7.2 envía emails en texto claro cuando la codificación está habilitada y solamente los recipientes BCC están especificados, lo que permite a atacantes remotos obtener información sensible mediante la captura del trafico de la red. • http://lists.opensuse.org/opensuse-updates/2014-09/msg00004.html http://lists.opensuse.org/opensuse-updates/2014-09/msg00008.html http://secunia.com/advisories/60779 http://secunia.com/advisories/60887 http://secunia.com/advisories/61854 http://sourceforge.net/p/enigmail/bugs/294 http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4 http://www.openwall.com/lists/oss-security/2014/08/18/2 http://www.openwall.com/lists/oss-security/2014/08/22/1 https://advis • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 5%CPEs: 1EXPL: 2CVE-2007-1264 – KMail 1.x - GnuPG Arbitrary Content Injection
https://notcve.org/view.php?id=CVE-2007-1264
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. Enigmail 0.94.2 y anteriores no usa adecuadamente el argumento --status-fd al invocar a GnuPG, lo cual provoca que Enigmail no pueda distinguir entre trozos firmados y no firmados de mensajes OpenPGP con múltiples componentes, lo cual permite a atacantes remotos falsificar el contenido de un mensaje sin ser detectados. • https://www.exploit-db.com/exploits/29690 http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html http://secunia.com/advisories/24416 http://securityreason.com/securityalert/2353 http://www.coresecurity.com/?action=item&id=1687 http://www.securityfocus.com/archive/1/461958/100/0/threaded http://www.securityfocus.com/archive/1/461958/30/7710/threaded http://www.securityfocus.com/bid/22758 http://www.securitytracker.com/id?1017727 http://www.vupen.com/english/ad •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2006-5877
https://notcve.org/view.php?id=CVE-2006-5877
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. La extensión enigmail anterior 0.94.2 no maneja adecuadamente los ficheros adjuntos encriptados al e-mail, lo cual permite a atacantes remotos provocar denegación de servicio (caida), como se demostró con Mozilla Thunderbird. • http://bugzilla.mozdev.org/show_bug.cgi?id=9730 http://enigmail.mozdev.org/changelog.html#enig0.94.2 http://www.securityfocus.com/bid/22684 http://www.ubuntu.com/usn/usn-427-1 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2005-3256
https://notcve.org/view.php?id=CVE-2005-3256
The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. • http://www.cert.dfn.de/infoserv/dsb/dsb-2005-01.html http://www.debian.org/security/2005/dsa-889 http://www.kb.cert.org/vuls/id/805121 http://www.mandriva.com/security/advisories?name=MDKSA-2005:226 http://www.novell.com/linux/security/advisories/2005_28_sr.html http://www.securityfocus.com/bid/15155 http://www.vupen.com/english/advisories/2005/2158 https://usn.ubuntu.com/211-1 •