Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-17688 | 11 Apple, Bloop, Emclient and 8 more | 11 Mail, Airmail, Emclient and 8 more | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. | |||||
CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | |||||
CVE-2008-4491 | 1 Apple | 2 Mac Os X, Mail | 2018-10-11 | 5.0 MEDIUM | N/A |
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. | |||||
CVE-2005-1505 | 1 Apple | 1 Mail | 2017-07-10 | 7.5 HIGH | N/A |
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext. | |||||
CVE-2008-0039 | 1 Apple | 2 Mac Os X, Mail | 2011-03-07 | 6.8 MEDIUM | N/A |
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. | |||||
CVE-2010-3887 | 1 Apple | 2 Mac Os X, Mail | 2010-10-11 | 4.3 MEDIUM | N/A |
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. | |||||
CVE-2005-2512 | 1 Apple | 2 Mac Os X, Mail | 2008-09-05 | 2.1 LOW | N/A |
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. |