← Back

Mailmate

mailmate

Vendor: Freron • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-12619
1Freron
1Mailmate
Nov 21, 2024
Aug 20, 2020
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and...Show more
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.Show less
CVE-2018-15588
1Freron
1Mailmate
Nov 21, 2024
Feb 11, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
CVE-2017-17689
169folders
AppleBloop+13 more
17Airmail
EmclientEvolution+14 more
Nov 21, 2024
May 16, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVE-2017-17688
11Apple
BloopEmclient+8 more
11Airmail
EmclientHorde Imp+8 more
Nov 21, 2024
May 16, 2018
N/A· v4
5.9 MEDIUM· v3
4.3 MEDIUM· v2
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications th...Show more
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specificationShow less