by Apple Inc.
CVEs (22)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-13874 | | High | 0.49 | 7.5 | 0.01 | | Dec 25, 2017 | An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection. |
| CVE-2006-0395 | | | 0.07 | — | 0.54 | | Aug 5, 2006 | The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types. |
| CVE-2006-0396 | | | 0.04 | — | 0.11 | | Mar 14, 2006 | Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user… |
| CVE-2015-7761 | | | 0.00 | — | 0.01 | | Oct 9, 2015 | Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760. |
| CVE-2015-5884 | | | 0.00 | — | 0.00 | | Oct 9, 2015 | The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. |
| CVE-2015-3710 | | | 0.00 | — | 0.02 | | Jul 3, 2015 | Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. |
| CVE-2014-4439 | | | 0.00 | — | 0.02 | | Oct 18, 2014 | Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. |
| CVE-2013-5182 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. |
| CVE-2010-3887 | | | 0.00 | — | 0.01 | | Oct 8, 2010 | The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a… |
| CVE-2010-0525 | | | 0.00 | — | 0.01 | | Mar 30, 2010 | Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force… |
| CVE-2010-0508 | | | 0.00 | — | 0.02 | | Mar 30, 2010 | Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors. |
| CVE-2008-4491 | | | 0.00 | — | 0.01 | | Oct 8, 2008 | Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. |
| CVE-2008-0039 | | | 0.00 | — | 0.03 | | Feb 12, 2008 | Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. |
| CVE-2006-1449 | | | 0.00 | — | 0.05 | | May 12, 2006 | Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment. |
| CVE-2005-2745 | | | 0.00 | — | 0.01 | | Oct 26, 2005 | Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information. |
| CVE-2005-2746 | | | 0.00 | — | 0.01 | | Oct 26, 2005 | Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages. |
| CVE-2005-2512 | | | 0.00 | — | 0.00 | | Aug 19, 2005 | Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. |
| CVE-2005-1505 | | | 0.00 | — | 0.01 | | May 11, 2005 | The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. |
| CVE-2005-0127 | | | 0.00 | — | 0.03 | | May 2, 2005 | Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. |
| CVE-2004-0383 | | | 0.00 | — | 0.00 | | May 4, 2004 | Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." |