rpm package
suse/enigmail&distro=SUSE Linux Enterprise Workstation Extension 15
pkg:rpm/suse/enigmail&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-12269 | — | < 2.0.11-3.16.1 | 2.0.11-3.16.1 | May 21, 2019 | Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | ||
| CVE-2018-12019 | — | < 2.0.7-3.7.2 | 2.0.7-3.7.2 | Jun 13, 2018 | The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted | ||
| CVE-2018-12020 | — | < 2.0.7-3.7.2 | 2.0.7-3.7.2 | Jun 8, 2018 | mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da |
- CVE-2019-12269May 21, 2019affected < 2.0.11-3.16.1fixed 2.0.11-3.16.1
Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text.
- CVE-2018-12019Jun 13, 2018affected < 2.0.7-3.7.2fixed 2.0.7-3.7.2
The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted
- CVE-2018-12020Jun 8, 2018affected < 2.0.7-3.7.2fixed 2.0.7-3.7.2
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP da