21 matches found
EUVD-2018-7540
Malware in sbrugna...
EUVD-2018-7538
Malware in sbrugna...
EUVD-2018-7539
Malware in sbrugna...
EUVD-2018-7541
Malware in sbrugna...
Bloop Airmail GPG-PGP Plugin Data Forgery Issue Vulnerability
Bloop Airmail is an email application from Bloop Italy. GPG-PGP Plugin is one of its encryption components. A data forgery issue vulnerability exists in Bloop Airmail GPG-PGP Plugin 1.0 9 and prior versions, which arises from a networked system or product that does not adequately validate the orig...
CVE-2018-15670
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...
Design/Logic Flaw
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...
CVE-2018-15667
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...
CVE-2018-15669
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...
Command injection
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...
CVE-2018-15667
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can use it...
CVE-2018-15668
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...
Design/Logic Flaw
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are not...
Design/Logic Flaw
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...
CVE-2018-15669
In Bloop Airmail 3.5.9 for macOS, the primary WebView policy function webView:decidePolicyForNavigationAction:request:frame:decisionListener: blacklists only requests from HTMLIFrameElements. Other HTMLFrameOwnerElements subclasses are not restricted, allowing an attacker to abuse HTML plug-in el...
CVE-2018-15668
CVE-2018-15668 affects Bloop Airmail 3.5.9 for macOS. The airmail:// URL scheme’s send command can be invoked by external applications to auto-send emails from the user’s active account, with attachment_ parameters allowing any accessible file path (including relative paths) to be attached withou...
CVE-2018-15670
Bloop Airmail 3.5.9 for macOS is affected. The primary WebView can trigger OpenURL by default during navigation handling, and a navigation request is accepted only when the currentEvent is NX_LMOUSEUP or NX_OMOUSEUP. An attacker could exploit HTML elements with an EventHandler to influence naviga...
CVE-2018-15670
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if the...
CVE-2018-15668
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment" prefix designate attachment parameters. If the...
CVE-2018-15667
CVE-2018-15667 concerns Bloop Airmail 3.5.9 on macOS, where the airmail:// URL scheme’s “send” command lets an external app send arbitrary emails from an active account without authentication. The URL handler imposes no restriction on callers and can be invoked via hyperlinks or other URL invocat...