14 matches found
EUVD-2025-204591
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...
CVE-2024-23330
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
CVE-2024-23655
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusab...
Tuta Mail (Tutanota) Accuses Google of Censoring Its Search Results
By Deeba Ahmed Shadowboxing in Search Results: Tuta Mail De-ranked and Disappearing on Google! This is a post from HackRead.com Read the original post: Tuta Mail Tutanota Accuses Google of Censoring Its Search Results...
CVE-2024-23655
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusab...
Code injection
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusab...
CVE-2024-23655 Attacker can prevent users from accessing received emails
Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusab...
CVE-2024-23655
CVE-2024-23655 affects Tuta (encrypted email service). A manipulation in emails sent to versions 3.118.12 through 3.119.9 can render the app unusable, preventing access to received emails on both the app and web interfaces. The issue has been fixed in version 3.119.10. In practice, an attacker co...
PT-2024-20004 · Tuta · Tuta
Name of the Vulnerable Software and Affected Versions: Tuta versions 3.118.12 through 3.119.9 Description: Tuta is an encrypted email service. An attacker can send a manipulated email to put the app into an unusable state, preventing the user from accessing received emails. This issue affects not...
CVE-2024-23330
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
Default configuration
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
CVE-2024-23330 Tuta loads images from external resources
Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...
CVE-2024-23330
CVE-2024-23330 affects Tuta (encrypted email service). In versions before 119.10, an attacker can cause an image in a HTML email to load from an external resource by default, despite protections intended to block external content. The issue occurs when displaying emails containing external conten...
PT-2024-19812 · Tuta · Tuta
Name of the Vulnerable Software and Affected Versions: Tuta versions prior to 119.10 Description: The issue concerns the loading of external content in emails. In the default setting, external resources should not be loaded without user confirmation. However, certain embedded images can be loaded...