VYPR

Mail

by Apple Inc.

CVEs (22)

  • CVE-2017-13874HigDec 25, 2017
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection.

  • CVE-2006-0395Aug 5, 2006
    risk 0.07cvss epss 0.54

    The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.

  • CVE-2006-0396Mar 14, 2006
    risk 0.04cvss epss 0.11

    Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user…

  • CVE-2015-7761Oct 9, 2015
    risk 0.00cvss epss 0.01

    Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message, a different vulnerability than CVE-2015-7760.

  • CVE-2015-5884Oct 9, 2015
    risk 0.00cvss epss 0.00

    The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.

  • CVE-2015-3710Jul 3, 2015
    risk 0.00cvss epss 0.02

    Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.

  • CVE-2014-4439Oct 18, 2014
    risk 0.00cvss epss 0.02

    Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients.

  • CVE-2013-5182Oct 24, 2013
    risk 0.00cvss epss 0.01

    Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message.

  • CVE-2010-3887Oct 8, 2010
    risk 0.00cvss epss 0.01

    The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a…

  • CVE-2010-0525Mar 30, 2010
    risk 0.00cvss epss 0.01

    Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force…

  • CVE-2010-0508Mar 30, 2010
    risk 0.00cvss epss 0.02

    Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.

  • CVE-2008-4491Oct 8, 2008
    risk 0.00cvss epss 0.01

    Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.

  • CVE-2008-0039Feb 12, 2008
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.

  • CVE-2006-1449May 12, 2006
    risk 0.00cvss epss 0.05

    Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment.

  • CVE-2005-2745Oct 26, 2005
    risk 0.00cvss epss 0.01

    Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.

  • CVE-2005-2746Oct 26, 2005
    risk 0.00cvss epss 0.01

    Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.

  • CVE-2005-2512Aug 19, 2005
    risk 0.00cvss epss 0.00

    Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.

  • CVE-2005-1505May 11, 2005
    risk 0.00cvss epss 0.01

    The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.

  • CVE-2005-0127May 2, 2005
    risk 0.00cvss epss 0.03

    Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.

  • CVE-2004-0383May 4, 2004
    risk 0.00cvss epss 0.00

    Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."

Page 1 of 2