83 matches found
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature...
CVE-2018-4174
An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted messages by leveraging an inconsistency in the user interface...
CVE-2018-4174
CVE-2018-4174 affects Apple iOS <11.3 and macOS
CVE-2017-13871
An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Mail" component. It allows remote attackers to read cleartext e-mail content for which S/MIME encryption was intended by leveraging the lack of installation of an S/MIME certificate by the...
CVE-2017-13874
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail" component. It might allow remote attackers to bypass an intended encryption protection mechanism by leveraging incorrect S/MIME certificate selection...
Apple iOS Memory Corruption Vulnerability (CNVD-2018-00597)
Apple iOS is an operating system developed by Apple for mobile devices, and Mail is one of the mail clients. A security vulnerability exists in the Mail component of Apple iOS prior to version 11.2. An attacker can exploit this vulnerability to cause the system to use incorrect certificates for...
Apple macOS High Sierra Mail component plaintext delivery vulnerability
Apple macOS High Sierra is a specialized operating system developed by Apple for Mac computers.Mail component is one of the email components. A security vulnerability exists in the Mail component of Apple macOS High Sierra prior to 10.13.2, which stems from the fact that an encrypted S/MIME email...
CVE-2017-7141
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...
Design/Logic Flaw
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...
The vulnerability of the Mac OS X operating system, which allows a hacker to trigger a service failure
The vulnerability of the Mail component in the Mac OS X operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures through a specially crafted URL...
CVE-2016-4689
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate...
Code injection
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate...
CVE-2016-7580
An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Mail" component, which allows remote web servers to cause a denial of service via a crafted URL...
CVE-2016-4689
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Mail" component, which does not alert the user to an S/MIME email signature that used a revoked certificate...
Command injection
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double...
CVE-2016-10034
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double...
Joomla! < 3.6.1 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.6.1. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the mail component due to improper sanitization of input before...
Joomla! -- multiple vulnerabilities
The JSST and the Joomla! Security Center report: 20160801 - Core - ACL Violation Inadequate ACL checks in comcontent provide potential read access to data which should be access restricted to users with editown level. 20160802 - Core - XSS Vulnerability Inadequate escaping leads to XSS...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information
The vulnerability in the mail/compose/ComposeActivity.java function of the AOSP Mail component in the Android operating system is related to the lack of protection for sensitive data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential informati...
Android AOSP Mail Information Disclosure Vulnerability (CNVD-2016-02863)
Android is the United States Google Google and the Open Handheld Alliance referred to as OHA jointly developed a set of Linux-based open source operating system.AOSP Mail is one of the AOSP Android Open Source Project e-mail component. AOSP Mail for Android suffers from an information disclosure...