CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 9 and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the...

5.9CVSS6.9AI score

Exploits0References6

NVD•added 2019/05/16 5:29 p.m.•12 views

CVE-2019-8338

5.9CVSS5.8AI score0.00331EPSS

Exploits0References6

Prion•added 2019/05/16 5:29 p.m.•7 views

Code injection

4.3CVSS5.8AI score0.00331EPSS

Exploits0References6Affected Software1

Cvelist•added 2019/05/16 4:2 p.m.•12 views

CVE-2019-8338

5.8AI score0.00331EPSS

Exploits0References6

CVE•added 2019/05/16 4:2 p.m.•46 views

CVE-2019-8338

The CVE-2019-8338 issue affects the Airmail GPG-PGP Plugin (versions 1.0 (9) and earlier). The vulnerability arises because the signature verification routine does not verify the signature status and also does not verify the signing key’s validity, enabling an attacker to spoof email signatures b...

5.9CVSS6.6AI score0.00331EPSS

Exploits0References6Affected Software1

CNVD•added 2019/05/16 12:0 a.m.•0 views

Bloop Airmail GPG-PGP Plugin Data Forgery Issue Vulnerability

Bloop Airmail is an email application from Bloop Italy.GPG-PGP Plugin is one of the encryption components. A data forgery issue vulnerability exists in Bloop Airmail GPG-PGP Plugin 1.0 9 and prior versions, which arises from a networked system or product that does not adequately validate the orig...

5.9CVSS9.1AI score0.00331EPSS

Exploits0References1

The Hacker News•added 2019/04/30 4:59 p.m.•3 views

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft...

9.8CVSS9.5AI score0.02614EPSS

Exploits3

Prion•added 2018/08/21 11:29 p.m.•16 views

Design/Logic Flaw

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...

5CVSS5.5AI score0.00295EPSS

Exploits0References1Affected Software1

OSV•added 2018/08/21 11:29 p.m.•0 views

CVE-2018-15670

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...

4.3CVSS5.8AI score

Exploits0References1

NVD•added 2018/08/21 11:29 p.m.•10 views

CVE-2018-15669

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...

5.3CVSS5.2AI score0.00237EPSS

Exploits0References1

OSV•added 2018/08/21 11:29 p.m.•0 views

CVE-2018-15667

An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...

7.5CVSS5.9AI score

Exploits0References1

Prion•added 2018/08/21 11:29 p.m.•12 views

Command injection

5CVSS7.6AI score0.00232EPSS

Exploits0References1Affected Software1

NVD•added 2018/08/21 11:29 p.m.•10 views

CVE-2018-15668

5.3CVSS5.5AI score0.00295EPSS

Exploits0References1

NVD•added 2018/08/21 11:29 p.m.•9 views

CVE-2018-15667