Vulnerabilites related to apple - mail
CVE-2005-2512 (GCVE-0-2005-2512)
Vulnerability from cvelistv5
Published
2005-08-19 04:00
Modified
2024-09-16 19:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user\u0027s preferences state otherwise, which could result in a privacy leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-19T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user\u0027s preferences state otherwise, which could result in a privacy leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2512",
"datePublished": "2005-08-19T04:00:00Z",
"dateReserved": "2005-08-10T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:23.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0039 (GCVE-0-2008-0039)
Vulnerability from cvelistv5
Published
2008-02-12 19:00
Modified
2024-08-07 07:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28891"
},
{
"name": "ADV-2008-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "27736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27736"
},
{
"name": "1019361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019361"
},
{
"name": "TA08-043B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-02-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28891"
},
{
"name": "ADV-2008-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "27736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27736"
},
{
"name": "1019361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019361"
},
{
"name": "TA08-043B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-02-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.info.apple.com/article.html?artnum=307430",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28891"
},
{
"name": "ADV-2008-0495",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "27736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27736"
},
{
"name": "1019361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019361"
},
{
"name": "TA08-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-02-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0039",
"datePublished": "2008-02-12T19:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:24.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17688 (GCVE-0-2017-17688)
Vulnerability from cvelistv5
Published
2018-05-16 19:00
Modified
2024-08-05 20:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
References
| ► | URL | Tags | ||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://protonmail.com/blog/pgp-vulnerability-efail",
"refsource": "MISC",
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://www.patreon.com/posts/cybersecurity-15-18814817",
"refsource": "MISC",
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"name": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html",
"refsource": "MISC",
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104162"
},
{
"name": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html",
"refsource": "MISC",
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://twitter.com/matthew_d_green/status/995996706457243648",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17688",
"datePublished": "2018-05-16T19:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4491 (GCVE-0-2008-4491)
Vulnerability from cvelistv5
Published
2008-10-08 17:02
Modified
2024-08-07 10:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:10.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apple-mail-smime-information-disclosure(45688)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"name": "31598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31598"
},
{
"name": "20081006 [ENABLESECURITY] Apple\u0027s Mail.app stores your S/MIME encrypted emails in clear text",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"name": "4363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4363"
},
{
"name": "1021019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "apple-mail-smime-information-disclosure(45688)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"name": "31598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31598"
},
{
"name": "20081006 [ENABLESECURITY] Apple\u0027s Mail.app stores your S/MIME encrypted emails in clear text",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"name": "4363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4363"
},
{
"name": "1021019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apple-mail-smime-information-disclosure(45688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"name": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt",
"refsource": "MISC",
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"name": "31598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31598"
},
{
"name": "20081006 [ENABLESECURITY] Apple\u0027s Mail.app stores your S/MIME encrypted emails in clear text",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"name": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/",
"refsource": "MISC",
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"name": "4363",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4363"
},
{
"name": "1021019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4491",
"datePublished": "2008-10-08T17:02:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:10.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1505 (GCVE-0-2005-1505)
Vulnerability from cvelistv5
Published
2005-05-11 04:00
Modified
2024-08-07 21:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mailapp-account-wizard-plaintext-password(20670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"name": "20050504 Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mailapp-account-wizard-plaintext-password(20670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"name": "20050504 Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mailapp-account-wizard-plaintext-password(20670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"name": "20050504 Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1505",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17689 (GCVE-0-2017-17689)
Vulnerability from cvelistv5
Published
2018-05-16 19:00
Modified
2024-08-05 20:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://pastebin.com/gNCc8aYm",
"refsource": "MISC",
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104165"
},
{
"name": "https://twitter.com/matthew_d_green/status/996371541591019520",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17689",
"datePublished": "2018-05-16T19:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3887 (GCVE-0-2010-3887)
Vulnerability from cvelistv5
Published
2010-10-08 21:00
Modified
2024-09-17 04:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.
References
| ► | URL | Tags |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:11.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child\u0027s e-mail address and a parent\u0027s e-mail address, related to parental notification of unapproved e-mail addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-08T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child\u0027s e-mail address and a parent\u0027s e-mail address, related to parental notification of unapproved e-mail addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/",
"refsource": "MISC",
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3887",
"datePublished": "2010-10-08T21:00:00Z",
"dateReserved": "2010-10-08T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:47.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2010-10-08 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F1B23-5CB1-45C5-AF97-DA82DE791400",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child\u0027s e-mail address and a parent\u0027s e-mail address, related to parental notification of unapproved e-mail addresses."
},
{
"lang": "es",
"value": "La caracter\u00edstica \u0027l\u00edmite de correo\u0027 en la funcionalidad control parental en la aplicaci\u00f3n Mail de Apple Mac OS X no aplica correctamente la lista blanca de la correspondencia, lo que permite a atacantes remotos evitar determinadas restricciones de acceso y llevar a cabo una comunicaci\u00f3n por correo electr\u00f3nico aprovechandose de que se conoce una direcci\u00f3n de correo electr\u00f3nico de un ni\u00f1o y de un padre. Esta vulnerabilidad esta relacionada con la notificaci\u00f3n a los padres de las direcciones de correo electr\u00f3nico no aprobadas."
}
],
"id": "CVE-2010-3887",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-08T22:00:36.847",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-11 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A3D9D4-B203-4C9A-B6D4-FDA2AE5F81A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext."
}
],
"id": "CVE-2005-1505",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-19 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F1B23-5CB1-45C5-AF97-DA82DE791400",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user\u0027s preferences state otherwise, which could result in a privacy leak."
}
],
"id": "CVE-2005-2512",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-16 19:29
Modified
2024-11-21 03:18
Severity ?
Summary
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 9folders | nine | - | |
| apple | - | ||
| apple | - | ||
| bloop | airmail | - | |
| emclient | emclient | - | |
| flipdogsolutions | maildroid | - | |
| freron | mailmate | - | |
| gnome | evolution | - | |
| gmail | - | ||
| horde | horde_imp | - | |
| ibm | notes | - | |
| kde | kmail | - | |
| kde | trojita | - | |
| microsoft | outlook | 2007 | |
| microsoft | outlook | 2010 | |
| microsoft | outlook | 2013 | |
| microsoft | outlook | 2016 | |
| mozilla | thunderbird | - | |
| postbox-inc | postbox | - | |
| r2mail2 | r2mail2 | - | |
| ritlabs | the_bat | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE489EA-2250-4BF0-800C-EDA6EA7D6AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "217117AE-C16C-4265-A9A9-152D06FCD64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "081D62F6-B751-4109-B10B-3CF9535B3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F389CED1-846A-4807-B8E7-00FBECAA41A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"matchCriteriaId": "930AFDDA-C32A-45E7-BA6E-5827E59B573B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2616EA-332D-4D6E-B66C-137A166E181D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C26D918-1548-4A62-BC5C-72DF9168A34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38B06B0D-E60A-4B61-9E39-F5116C8F22A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C671802A-2362-4E66-B5D5-079E5E6B89A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAD39AA-B9FD-492B-9BDA-57F74F4FABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91669C83-56A0-4087-8B6D-2012EB0AE9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F01C924-2AE4-4214-9139-ED08293D198C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93076D12-C4AD-4DE8-A76C-9819493FF516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "3A009EAF-41A1-4E6D-B1EB-A2DACE197A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD3770E-9513-43B2-BC9E-0CA3F63D59FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BA111F-A9FB-457D-818E-412195F9EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19296516-EAD4-4B08-8D9A-5E853C7BEF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48A3CC49-2FAC-40C9-9CDA-E4440577205E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
},
{
"lang": "es",
"value": "La especificaci\u00f3n S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltraci\u00f3n en texto plano. Esto tambi\u00e9n se conoce como EFAIL."
}
],
"id": "CVE-2017-17689",
"lastModified": "2024-11-21T03:18:27.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-16T19:29:00.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-16 19:29
Modified
2024-11-21 03:18
Severity ?
Summary
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "217117AE-C16C-4265-A9A9-152D06FCD64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "081D62F6-B751-4109-B10B-3CF9535B3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F389CED1-846A-4807-B8E7-00FBECAA41A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"matchCriteriaId": "930AFDDA-C32A-45E7-BA6E-5827E59B573B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2616EA-332D-4D6E-B66C-137A166E181D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C26D918-1548-4A62-BC5C-72DF9168A34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAD39AA-B9FD-492B-9BDA-57F74F4FABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BA111F-A9FB-457D-818E-412195F9EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19296516-EAD4-4B08-8D9A-5E853C7BEF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundcube:webmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5010756A-99B8-4C05-9DAC-9BE19B8B6373",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
},
{
"lang": "es",
"value": "** EN DISPUTA ** La especificaci\u00f3n OpenPGP permite un ataque malleability-gadget Cipher Feedback Mode (CFB) que puede conducir indirectamente a la exfiltraci\u00f3n en texto plano. Esto tambi\u00e9n se conoce como EFAIL. NOTA: terceros indican que este es un problema en aplicaciones que gestionan de manera incorrecta la caracter\u00edstica de Modification Detection Code (MDC) o que afectan un tipo de paquete obsoleto, en lugar de un problema en la especificaci\u00f3n OpenPGP."
}
],
"id": "CVE-2017-17688",
"lastModified": "2024-11-21T03:18:27.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-16T19:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040904"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-12 20:00
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F1B23-5CB1-45C5-AF97-DA82DE791400",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Apple Mail de Mac OS X 10.4.11 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de un file:// URL manipulado."
}
],
"id": "CVE-2008-0039",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-12T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28891"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27736"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019361"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-08 18:00
Modified
2025-04-09 00:30
Severity ?
Summary
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4AFB0E-488A-4102-AFEA-D697E21EC43C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail."
},
{
"lang": "es",
"value": "Apple Mail.app v3.5 en Mac OS X, cuando est\u00e1 habilitado \"Guardar los borradores en el servidor\", guarda los borradores del correo electr\u00f3nico S/MIME en texto plano en el servidor de correo, esto permite a los propietarios del servidor y a atacantes de tipo \"hombre en el medio\" (man-in-the-middle) leer los borradores."
}
],
"id": "CVE-2008-4491",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-08T18:00:03.503",
"references": [
{
"source": "cve@mitre.org",
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"source": "cve@mitre.org",
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4363"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31598"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021019"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}