rpm package
opensuse/enigmail&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/enigmail&distro=openSUSE%20Tumbleweed
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-12269 | — | | | < 2.2.4-1.4 | 2.2.4-1.4 | May 21, 2019 | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. |
| CVE-2018-12019 | — | | | < 2.2.4-1.4 | 2.2.4-1.4 | Jun 13, 2018 | The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted |
| CVE-2018-12020 | — | | | < 2.2.4-1.4 | 2.2.4-1.4 | Jun 8, 2018 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da |
| CVE-2017-17689 | — | | | < 2.2.4-1.4 | 2.2.4-1.4 | May 16, 2018 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. |
| CVE-2017-17688 | — | | | < 2.2.4-1.4 | 2.2.4-1.4 | May 16, 2018 | The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature o |
| CVE-2014-5369 | — | | | < 1.9.6.1-1.1 | 1.9.6.1-1.1 | Sep 8, 2014 | Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption is enabled and only BCC recipients are specified, which allows remote attackers to obtain sensitive information by sniffing the network. |