Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Apple Subscribe
Filtered by product Mail
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17688 11 Apple, Bloop, Emclient and 8 more 11 Mail, Airmail, Emclient and 8 more 2019-10-02 4.3 MEDIUM 5.9 MEDIUM
** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification.
CVE-2017-17689 16 9folders, Apple, Bloop and 13 more 17 Nine, Mail, Airmail and 14 more 2019-10-02 4.3 MEDIUM 5.9 MEDIUM
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2008-4491 1 Apple 2 Mac Os X, Mail 2018-10-11 5.0 MEDIUM N/A
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
CVE-2005-1505 1 Apple 1 Mail 2017-07-10 7.5 HIGH N/A
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
CVE-2008-0039 1 Apple 2 Mac Os X, Mail 2011-03-07 6.8 MEDIUM N/A
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
CVE-2010-3887 1 Apple 2 Mac Os X, Mail 2010-10-11 4.3 MEDIUM N/A
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.
CVE-2005-2512 1 Apple 2 Mac Os X, Mail 2008-09-05 2.1 LOW N/A
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.