CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12619
https://notcve.org/view.php?id=CVE-2020-12619
20 Aug 2020 — MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email. MailMate versiones anteriores a 1.11 importaba automáticamente certificados S/MIME y, por lo tanto, reempl... • https://updates.mailmate-app.com/2.0/release_notes •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15588 – Johnny You Are Fired
https://notcve.org/view.php?id=CVE-2018-15588
11 Feb 2019 — MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email. MailMate, en versiones anteriores a la 1.11.3, gestiona de manera incorrecta una estructura HTML/MIME sospechosa en un correo electrónico firmado/cifrado. • https://packetstorm.news/files/id/152703 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.9EPSS: 1%CPEs: 12EXPL: 1CVE-2017-17688
https://notcve.org/view.php?id=CVE-2017-17688
16 May 2018 — The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification ** EN DISPUTA ** La especificación OpenPGP permite un ataque malleability-gadget Cipher Feedback Mode (CFB) que puede conducir indirectamente a la exfiltra... • http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html •
CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 1CVE-2017-17689 – Debian Security Advisory 4244-1
https://notcve.org/view.php?id=CVE-2017-17689
16 May 2018 — The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. La especificación S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltración en texto plano. Esto también se conoce como EFAIL. Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails. • http://www.securityfocus.com/bid/104165 •