4 matches found
CVE-2020-12619
MailMate before 1.11 automatically imported S/MIME certificates and silently replaced existing ones, enabling a MITM attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated, thereby decrypting future communications. Th...
CVE-2018-15588
CVE-2018-15588 affects MailMate prior to 1.11.3, which mishandles a suspicious HTML/MIME structure in a signed/encrypted email. CVSSv3.0 base score 7.5 (High) with high integrity impact, network attack vector, low complexity, no privileges required.
CVE-2017-17689
CVE-2017-17689 arises from S/MIME CBC gadget attacks (EFAIL) that can lead to plaintext exfiltration. Connected sources show this affecting KDE PIM/KMail components and related mail tooling across Linux/macOS ecosystems, with public advisories describing how S/MIME/CBC malleability could leak pla...
CVE-2017-17688
CVE-2017-17688 concerns an OpenPGP CFB gadget/malleability attack (EFAIL) that can lead to plaintext exfiltration from encrypted emails. Connected advisories show Enigmail/OpenPGP patches (e.g., openSUSE SUSE/OpenSUSE-2019-368/395; Thunderbird enigmail updates) addressing this vulnerability by ti...