All the vulnerabilites related to apple - mail
cve-2005-2512
Vulnerability from cvelistv5
Published
2005-08-19 04:00
Modified
2024-09-16 19:57
Severity ?
EPSS score ?
Summary
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html | vendor-advisory, x_refsource_APPLE | |
| http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user\u0027s preferences state otherwise, which could result in a privacy leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-19T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2005-08-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user\u0027s preferences state otherwise, which could result in a privacy leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2512",
"datePublished": "2005-08-19T04:00:00Z",
"dateReserved": "2005-08-10T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:23.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17688
Vulnerability from cvelistv5
Published
2018-05-16 19:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
References
| ▼ | URL | Tags |
|---|---|---|
| https://protonmail.com/blog/pgp-vulnerability-efail | x_refsource_MISC | |
| https://news.ycombinator.com/item?id=17066419 | x_refsource_MISC | |
| https://www.patreon.com/posts/cybersecurity-15-18814817 | x_refsource_MISC | |
| http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/104162 | vdb-entry, x_refsource_BID | |
| https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html | x_refsource_MISC | |
| https://efail.de | x_refsource_MISC | |
| https://twitter.com/matthew_d_green/status/995996706457243648 | x_refsource_MISC | |
| https://www.synology.com/support/security/Synology_SA_18_22 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040904 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040904"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://protonmail.com/blog/pgp-vulnerability-efail",
"refsource": "MISC",
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://www.patreon.com/posts/cybersecurity-15-18814817",
"refsource": "MISC",
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"name": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html",
"refsource": "MISC",
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"name": "104162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104162"
},
{
"name": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html",
"refsource": "MISC",
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://twitter.com/matthew_d_green/status/995996706457243648",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"name": "1040904",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040904"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17688",
"datePublished": "2018-05-16T19:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-4491
Vulnerability from cvelistv5
Published
2008-10-08 17:02
Modified
2024-08-07 10:17
Severity ?
EPSS score ?
Summary
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45688 | vdb-entry, x_refsource_XF | |
| http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/31598 | vdb-entry, x_refsource_BID | |
| http://www.securityfocus.com/archive/1/497057/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/ | x_refsource_MISC | |
| http://securityreason.com/securityalert/4363 | third-party-advisory, x_refsource_SREASON | |
| http://www.securitytracker.com/id?1021019 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:10.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "apple-mail-smime-information-disclosure(45688)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"name": "31598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31598"
},
{
"name": "20081006 [ENABLESECURITY] Apple\u0027s Mail.app stores your S/MIME encrypted emails in clear text",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"name": "4363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4363"
},
{
"name": "1021019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "apple-mail-smime-information-disclosure(45688)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"name": "31598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31598"
},
{
"name": "20081006 [ENABLESECURITY] Apple\u0027s Mail.app stores your S/MIME encrypted emails in clear text",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"name": "4363",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4363"
},
{
"name": "1021019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apple-mail-smime-information-disclosure(45688)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"name": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt",
"refsource": "MISC",
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"name": "31598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31598"
},
{
"name": "20081006 [ENABLESECURITY] Apple\u0027s Mail.app stores your S/MIME encrypted emails in clear text",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"name": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/",
"refsource": "MISC",
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"name": "4363",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4363"
},
{
"name": "1021019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4491",
"datePublished": "2008-10-08T17:02:00",
"dateReserved": "2008-10-08T00:00:00",
"dateUpdated": "2024-08-07T10:17:10.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-17689
Vulnerability from cvelistv5
Published
2018-05-16 19:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://news.ycombinator.com/item?id=17066419 | x_refsource_MISC | |
| https://pastebin.com/gNCc8aYm | x_refsource_MISC | |
| http://www.securityfocus.com/bid/104165 | vdb-entry, x_refsource_BID | |
| https://twitter.com/matthew_d_green/status/996371541591019520 | x_refsource_MISC | |
| https://efail.de | x_refsource_MISC | |
| https://www.synology.com/support/security/Synology_SA_18_22 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-17T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://efail.de"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://news.ycombinator.com/item?id=17066419",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"name": "https://pastebin.com/gNCc8aYm",
"refsource": "MISC",
"url": "https://pastebin.com/gNCc8aYm"
},
{
"name": "104165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104165"
},
{
"name": "https://twitter.com/matthew_d_green/status/996371541591019520",
"refsource": "MISC",
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"name": "https://efail.de",
"refsource": "MISC",
"url": "https://efail.de"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_22",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17689",
"datePublished": "2018-05-16T19:00:00",
"dateReserved": "2017-12-15T00:00:00",
"dateUpdated": "2024-08-05T20:59:17.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1505
Vulnerability from cvelistv5
Published
2005-05-11 04:00
Modified
2024-08-07 21:51
Severity ?
EPSS score ?
Summary
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20670 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=111539448630095&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:51:50.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mailapp-account-wizard-plaintext-password(20670)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"name": "20050504 Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mailapp-account-wizard-plaintext-password(20670)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"name": "20050504 Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mailapp-account-wizard-plaintext-password(20670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"name": "20050504 Mac OS 10.4: new-account-wizzard in Mail 2.0 sends clear-text passwords",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1505",
"datePublished": "2005-05-11T04:00:00",
"dateReserved": "2005-05-11T00:00:00",
"dateUpdated": "2024-08-07T21:51:50.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-3887
Vulnerability from cvelistv5
Published
2010-10-08 21:00
Modified
2024-09-17 04:09
Severity ?
EPSS score ?
Summary
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:11.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child\u0027s e-mail address and a parent\u0027s e-mail address, related to parental notification of unapproved e-mail addresses."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-10-08T21:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child\u0027s e-mail address and a parent\u0027s e-mail address, related to parental notification of unapproved e-mail addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/",
"refsource": "MISC",
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-3887",
"datePublished": "2010-10-08T21:00:00Z",
"dateReserved": "2010-10-08T00:00:00Z",
"dateUpdated": "2024-09-17T04:09:47.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0039
Vulnerability from cvelistv5
Published
2008-02-12 19:00
Modified
2024-08-07 07:32
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=307430 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/28891 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2008/0495/references | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/27736 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019361 | vdb-entry, x_refsource_SECTRACK | |
| http://www.us-cert.gov/cas/techalerts/TA08-043B.html | third-party-advisory, x_refsource_CERT | |
| http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html | vendor-advisory, x_refsource_APPLE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:32:24.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28891"
},
{
"name": "ADV-2008-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "27736",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27736"
},
{
"name": "1019361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019361"
},
{
"name": "TA08-043B",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-02-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28891"
},
{
"name": "ADV-2008-0495",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "27736",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27736"
},
{
"name": "1019361",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019361"
},
{
"name": "TA08-043B",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-02-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.info.apple.com/article.html?artnum=307430",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"name": "28891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28891"
},
{
"name": "ADV-2008-0495",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"name": "27736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27736"
},
{
"name": "1019361",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019361"
},
{
"name": "TA08-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"name": "APPLE-SA-2008-02-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0039",
"datePublished": "2008-02-12T19:00:00",
"dateReserved": "2008-01-03T00:00:00",
"dateUpdated": "2024-08-07T07:32:24.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200810-0255
Vulnerability from variot
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. Apple Mail is prone to a weakness in its implementation of S/MIME encryption. An attacker with access to an IMAP or Exchange email server may be able to take advantage of this issue to obtain sensitive information. Mail 3.5 (929.4/929.2) is vulnerable; other versions may also be affected. Apple Mail is the mail client installed by default in Mac OS X machines. According to the standard, using S/MIME means that no one else can view the encrypted mail except the recipient and sender of the mail, and the Store draft messages on the server option stores the mail in plain text before sending it, which makes it possible Cause security misleading and information leakage
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200810-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mail",
"scope": "eq",
"trust": 2.4,
"vendor": "apple",
"version": "3.5"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "mail",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.5(929.4/929.2)"
},
{
"model": "mail",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:mail:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EnableSecurity\u203b newsletter@enablesecurity.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
],
"trust": 0.6
},
"cve": "CVE-2008-4491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-4491",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-34616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-4491",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200810-117",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-34616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. Apple Mail is prone to a weakness in its implementation of S/MIME encryption. An attacker with access to an IMAP or Exchange email server may be able to take advantage of this issue to obtain sensitive information. \nMail 3.5 (929.4/929.2) is vulnerable; other versions may also be affected. Apple Mail is the mail client installed by default in Mac OS X machines. According to the standard, using S/MIME means that no one else can view the encrypted mail except the recipient and sender of the mail, and the Store draft messages on the server option stores the mail in plain text before sending it, which makes it possible Cause security misleading and information leakage",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "VULHUB",
"id": "VHN-34616"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-4491",
"trust": 2.8
},
{
"db": "BID",
"id": "31598",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1021019",
"trust": 1.7
},
{
"db": "SREASON",
"id": "4363",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20081006 [ENABLESECURITY] APPLE\u0027S MAIL.APP STORES YOUR S/MIME ENCRYPTED EMAILS IN CLEAR TEXT",
"trust": 0.6
},
{
"db": "XF",
"id": "45688",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-34616",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"id": "VAR-200810-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:49:32.139000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apple.com/macosx/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/31598"
},
{
"trust": 1.7,
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"trust": 1.7,
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1021019"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4363"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4491"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4491"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/45688"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/497057/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/features/mail/"
},
{
"trust": 0.3,
"url": "/archive/1/497057"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-34616"
},
{
"date": "2008-10-06T00:00:00",
"db": "BID",
"id": "31598"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"date": "2008-10-08T18:00:03.503000",
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"date": "2008-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-34616"
},
{
"date": "2015-05-07T17:22:00",
"db": "BID",
"id": "31598"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"date": "2018-10-11T20:52:01.743000",
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"date": "2009-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mail.app Vulnerable to reading important emails",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
],
"trust": 0.6
}
}
var-201805-0228
Vulnerability from variot
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * CVE-2017-17688: OpenPGP CFB Attacks * CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, Articles provided by the discoverer Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4244-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff July 13, 2018 https://www.debian.org/security/faq
Package : thunderbird CVE ID : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374
Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or attacks on encrypted emails.
For the stable distribution (stretch), these problems have been fixed in version 1:52.9.1-1~deb9u1.
We recommend that you upgrade your thunderbird packages.
For the detailed security status of thunderbird please refer to its security tracker page at: https://security-tracker.debian.org/tracker/thunderbird
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltI+2sACgkQEMKTtsN8 TjZXHRAAgOmSvTwwmmzxRH/4tSSpndZCFCtkHrG5PU5D3XesLGnWpNZk9aINsaU2 ih3fmEKzQgHHfAzK3d9TcGjyiI+PoVuWkVknsVqTrHd+xQtxUs7B/5Pfz5WKiYDJ QJ4NhjTgHHystYa0j2CvK28/ZoPVZgwnc/D051ChTInPWXimJI+TxpsndW/NPuaJ SphoPP34OMO2EARjrKCxiL6NRv6kD4CJv0AgoYfdO0qPXomuA8HpDAH1itd7GbRq yVJoZRnpz9dGjJSM5wyFCc1BIqmA/CMphhmqiRTuFBA+rOSEDblzfc2tg9t82CVQ caA7rF3VrYx8qmgpP3akCju+SDOEWLerFGHH1iaQ+GBqiXvduvMl/MSXCZmVZzIC 92Ko2m9kURkak4yKccEbHJ5Vh8i0oLUOc+Ee3MUUfWUblYbCcB4z34p9hRwc8u83 mmGUbsq+qWvdcd9NkekKC/ENQZt4Egb3doeEzqSkaa4uhFaQ1gGosHXGslNTCqLl 6RyeFON9Q5CWphQET+rmnlcJ8B1cSHgpG1ZTN6szlsQpiVgcRu/JYrgyzX9Y6WdY rAape6t+gsEeLOP7n9pZ/KYSadUF5CvYY/nX9H6kJO1RmG9y0A+8wAEuW+nSOMMJ vh2U09+y5XJHQqV0MMTKbnadxlyi8Oerc0zrYaoBuYhR7wmvkus= =R2OH -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0228",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "the bat",
"scope": "eq",
"trust": 1.6,
"vendor": "ritlabs",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.3,
"vendor": "microsoft",
"version": "2013"
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2007"
},
{
"model": "kmail",
"scope": "eq",
"trust": 1.0,
"vendor": "kde",
"version": null
},
{
"model": "maildroid",
"scope": "eq",
"trust": 1.0,
"vendor": "flipdogsolutions",
"version": null
},
{
"model": "imp",
"scope": "eq",
"trust": 1.0,
"vendor": "horde",
"version": null
},
{
"model": "notes",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2010"
},
{
"model": "trojita",
"scope": "eq",
"trust": 1.0,
"vendor": "kde",
"version": null
},
{
"model": "emclient",
"scope": "eq",
"trust": 1.0,
"vendor": "emclient",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2016"
},
{
"model": "gmail",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": null
},
{
"model": "mailmate",
"scope": "eq",
"trust": 1.0,
"vendor": "freron",
"version": null
},
{
"model": "mail",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 1.0,
"vendor": "bloop",
"version": null
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "postbox",
"scope": "eq",
"trust": 1.0,
"vendor": "postbox",
"version": null
},
{
"model": "evolution",
"scope": "eq",
"trust": 1.0,
"vendor": "gnome",
"version": null
},
{
"model": "nine",
"scope": "eq",
"trust": 1.0,
"vendor": "9folders",
"version": null
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 1.0,
"vendor": "r2mail2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "9folders",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "airmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "evolution",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "flipdog",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gpgtools",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnupg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mailmate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postbox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "r2mail2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ritlabs srl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "roundcube",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the enigmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the horde",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trojita",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "em client",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 0.3,
"vendor": "r2mail2",
"version": "0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.5.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.024"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.23"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.22"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.21"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "outlook",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20100"
},
{
"model": "outlook",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20070"
},
{
"model": "kmail",
"scope": null,
"trust": 0.3,
"vendor": "kde",
"version": null
},
{
"model": "lotus inotes",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": null
},
{
"model": "gmail for ios",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "mailmate",
"scope": "eq",
"trust": 0.3,
"vendor": "freron",
"version": "0"
},
{
"model": "mail",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 0.3,
"vendor": "airmail",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Damian Poddebniak, Christian Dresen, Jens Muller, Fabian Ising, Sebastian Schinzel1, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk",
"sources": [
{
"db": "BID",
"id": "104165"
}
],
"trust": 0.3
},
"cve": "CVE-2017-17689",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-108736",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-17689",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17689",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-724",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108736",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-17689",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user\u0027s e-mail client. The discoverer can attack with this vulnerability \"CBC/CFB gadget attack\" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, \u003ca href=\"https://efail.de/efail-attack-paper.pdf\" target=\"blank\"\u003e Articles provided by the discoverer \u003c/a\u003e Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. S/MIME is a certificate implementation for email encryption. A security vulnerability exists in S/MIME. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4244-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 13, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : thunderbird\nCVE ID : CVE-2017-17689 CVE-2018-5188 CVE-2018-12359 CVE-2018-12360 \n CVE-2018-12362 CVE-2018-12363 CVE-2018-12364 CVE-2018-12365 \n CVE-2018-12366 CVE-2018-12372 CVE-2018-12373 CVE-2018-12374\n\nMultiple security issues have been found in Thunderbird, which may lead\nto the execution of arbitrary code, denial of service or attacks on\nencrypted emails. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 1:52.9.1-1~deb9u1. \n\nWe recommend that you upgrade your thunderbird packages. \n\nFor the detailed security status of thunderbird please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/thunderbird\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltI+2sACgkQEMKTtsN8\nTjZXHRAAgOmSvTwwmmzxRH/4tSSpndZCFCtkHrG5PU5D3XesLGnWpNZk9aINsaU2\nih3fmEKzQgHHfAzK3d9TcGjyiI+PoVuWkVknsVqTrHd+xQtxUs7B/5Pfz5WKiYDJ\nQJ4NhjTgHHystYa0j2CvK28/ZoPVZgwnc/D051ChTInPWXimJI+TxpsndW/NPuaJ\nSphoPP34OMO2EARjrKCxiL6NRv6kD4CJv0AgoYfdO0qPXomuA8HpDAH1itd7GbRq\nyVJoZRnpz9dGjJSM5wyFCc1BIqmA/CMphhmqiRTuFBA+rOSEDblzfc2tg9t82CVQ\ncaA7rF3VrYx8qmgpP3akCju+SDOEWLerFGHH1iaQ+GBqiXvduvMl/MSXCZmVZzIC\n92Ko2m9kURkak4yKccEbHJ5Vh8i0oLUOc+Ee3MUUfWUblYbCcB4z34p9hRwc8u83\nmmGUbsq+qWvdcd9NkekKC/ENQZt4Egb3doeEzqSkaa4uhFaQ1gGosHXGslNTCqLl\n6RyeFON9Q5CWphQET+rmnlcJ8B1cSHgpG1ZTN6szlsQpiVgcRu/JYrgyzX9Y6WdY\nrAape6t+gsEeLOP7n9pZ/KYSadUF5CvYY/nX9H6kJO1RmG9y0A+8wAEuW+nSOMMJ\nvh2U09+y5XJHQqV0MMTKbnadxlyi8Oerc0zrYaoBuYhR7wmvkus=\n=R2OH\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17689"
},
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "PACKETSTORM",
"id": "148553"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17689",
"trust": 3.0
},
{
"db": "BID",
"id": "104165",
"trust": 2.1
},
{
"db": "CERT/CC",
"id": "VU#122919",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU95575473",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "148553",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-108736",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17689",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "PACKETSTORM",
"id": "148553"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"id": "VAR-201805-0228",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108736"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T20:51:14.099000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Red Hat: CVE-2017-17689",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-17689"
},
{
"title": "Efail-malleability-gadget-exploit",
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit "
},
{
"title": "SecDB - Security Feeds",
"trust": 0.1,
"url": "https://github.com/giterlizzi/secdb-feeds "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-17689"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://efail.de/"
},
{
"trust": 1.9,
"url": "https://efail.de/efail-attack-paper.pdf"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/104165"
},
{
"trust": 1.8,
"url": "https://www.synology.com/support/security/synology_sa_18_22"
},
{
"trust": 1.8,
"url": "https://efail.de"
},
{
"trust": 1.8,
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"trust": 1.8,
"url": "https://pastebin.com/gncc8aym"
},
{
"trust": 1.8,
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/122919"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc4880"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17688"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95575473/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17688"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577909"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-17689"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12362"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12365"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12373"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12374"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12364"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-12359"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/thunderbird"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "PACKETSTORM",
"id": "148553"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108736"
},
{
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"db": "BID",
"id": "104165"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "PACKETSTORM",
"id": "148553"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-14T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-108736"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"date": "2018-05-14T00:00:00",
"db": "BID",
"id": "104165"
},
{
"date": "2018-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2018-07-14T12:12:00",
"db": "PACKETSTORM",
"id": "148553"
},
{
"date": "2017-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"date": "2018-05-16T19:29:00.303000",
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108736"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17689"
},
{
"date": "2018-05-14T00:00:00",
"db": "BID",
"id": "104165"
},
{
"date": "2018-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-724"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-17689"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenPGP and S/MIME mail client vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-724"
}
],
"trust": 0.6
}
}
var-200505-0790
Vulnerability from variot
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0790",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mail",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "2.0"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:mail:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1505"
}
]
},
"cve": "CVE-2005-1505",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12714",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-1505",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-979",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-12714",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12714"
},
{
"db": "NVD",
"id": "CVE-2005-1505"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1505"
},
{
"db": "VULHUB",
"id": "VHN-12714"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-1505",
"trust": 1.7
},
{
"db": "BUGTRAQ",
"id": "20050504 MAC OS 10.4: NEW-ACCOUNT-WIZZARD IN MAIL 2.0 SENDS CLEAR-TEXT PASSWORDS",
"trust": 0.6
},
{
"db": "XF",
"id": "20670",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200505-979",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-12714",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12714"
},
{
"db": "NVD",
"id": "CVE-2005-1505"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
]
},
"id": "VAR-200505-0790",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12714"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:53:39.762000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-1505"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/20670"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=111539448630095\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=111539448630095\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12714"
},
{
"db": "NVD",
"id": "CVE-2005-1505"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12714"
},
{
"db": "NVD",
"id": "CVE-2005-1505"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-12714"
},
{
"date": "2005-05-11T04:00:00",
"db": "NVD",
"id": "CVE-2005-1505"
},
{
"date": "2005-05-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-12714"
},
{
"date": "2017-07-11T01:32:40.750000",
"db": "NVD",
"id": "CVE-2005-1505"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac OS Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-979"
}
],
"trust": 0.6
}
}
var-200802-0011
Vulnerability from variot
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. Apple Mac OS X 10.5.1 and prior versions are vulnerable to these issues.
I. Further details are available in the US-CERT Vulnerability Notes Database. These products include Samba and X11.
II. Impact
The impacts of these vulnerabilities vary.
III. These and other updates are available via Software Update or via Apple Downloads.
IV. Please send email to cert@cert.org with "TA08-043B Feedback VU#774345" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
February 12, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg jMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp /1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO PPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet r7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9 SAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug== =qwP5 -----END PGP SIGNATURE----- .
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
1) An unspecified error exists within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL.
Successful exploitation may allow execution of arbitrary code.
2) A weakness exists due to Launch Services allowing users to start uninstalled applications from a Time Machine Backup.
4) An unspecified error exists within NFS when handling mbuf chains. This can be exploited to cause a memory corruption and allows a system shutdown and potential execution of arbitrary code.
5) The problem is that Parental Controls contacts www.apple.com when a site is unblocked and allows for detection of computers running Parental Controls.
6) A boundary error in Samba can be exploited by malicious people to compromise a vulnerable system.
For more information: SA27760
7) An input validation error exists in Terminal when processing URL schemes. This can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page.
8) Multiple vulnerabilities in X11 X Font Server can be exploited by malicious, local users to gain escalated privileges.
For more information: SA27040
9) An error exists in X11, which causes certain settings ("Allow connections from network client") not to be applied.
Security Update 2008-001 (PPC): http://www.apple.com/support/downloads/securityupdate2008001ppc.html
Security Update 2008-001 (Universal): http://www.apple.com/support/downloads/securityupdate2008001universal.html
Mac OS X 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosx1052comboupdate.html
Mac OS X Server 10.5.2 Combo Update: http://www.apple.com/support/downloads/macosxserver1052comboupdate.html
PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Steven Fisher of Discovery Software Ltd. and Ian Coutier. 4) The vendor credits Oleg Drokin, Sun Microsystems. 5) The vendor credits Jesse Pearson. 6) Alin Rad Pop, Secunia Research. 7) The vendor credits Olli Leppanen of Digital Film Finland, and Brian Mastenbrook.
ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307430
OTHER REFERENCES: SA27040: http://secunia.com/advisories/27040/
SA27760: http://secunia.com/advisories/27760/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200802-0011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mail",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.4.11"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.11"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.10"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774345"
},
{
"db": "BID",
"id": "27736"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0039"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brian Mastenbrook\nSteven Fisher\nOleg Drokin\nJesse Pearson\nOlli Leppanen",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
],
"trust": 0.6
},
"cve": "CVE-2008-0039",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-0039",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-30164",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-0039",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#774345",
"trust": 0.8,
"value": "20.20"
},
{
"author": "CNNVD",
"id": "CNNVD-200802-223",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-30164",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774345"
},
{
"db": "VULHUB",
"id": "VHN-30164"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers may exploit these issues to execute arbitrary code, trigger denial-of-service conditions, escalate privileges, and potentially compromise vulnerable computers. \nApple Mac OS X 10.5.1 and prior versions are vulnerable to these issues. \n\n\nI. Further\n details are available in the US-CERT Vulnerability Notes Database. These products include Samba\n and X11. \n\n\nII. Impact\n\n The impacts of these vulnerabilities vary. \n\n\nIII. These and other updates are available via Software Update or\n via Apple Downloads. \n\n\nIV. Please send\n email to \u003ccert@cert.org\u003e with \"TA08-043B Feedback VU#774345\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2008 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n February 12, 2008: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBR7HyXPRFkHkM87XOAQLgawf/WfBp5mjT+DZriprWRqe1HM4Z9SSe/5Dg\njMgSlX1j/YJC7FgZfjJvriQ+yXeOnhwvKggfTbkJWej+0AeRbyIUFWD/ZTh2Qylp\n/1vBehJW9nhT2yMT65/gT/MnbArN11AILkfSGr4W6xLPMR2zq0HsrP2SxYlAVkSO\nPPlo0KhWWATcjHjJEacdmry4fR6iv6xA0gFjWN6i18VX5LSMOEyO3LpDt+Rk8fet\nr7Pwi/QEr/nipEEw8R8Jg9+LT8dqQL1t+yhTa5pV1rceuEb3Cz67paHAqRneldW9\nSAl/TPznmYCCMHqyOfHdRBUVvOxI09OPjHYkf7ghv5e06LqbfVMZug==\n=qwP5\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\n1) An unspecified error exists within Foundation in Safari\u0027s handling\nof URLs. This can be exploited to cause a memory corruption when a\nuser is enticed to access a specially crafted URL. \n\nSuccessful exploitation may allow execution of arbitrary code. \n\n2) A weakness exists due to Launch Services allowing users to start\nuninstalled applications from a Time Machine Backup. \n\n4) An unspecified error exists within NFS when handling mbuf chains. \nThis can be exploited to cause a memory corruption and allows a\nsystem shutdown and potential execution of arbitrary code. \n\n5) The problem is that Parental Controls contacts www.apple.com when\na site is unblocked and allows for detection of computers running\nParental Controls. \n\n6) A boundary error in Samba can be exploited by malicious people to\ncompromise a vulnerable system. \n\nFor more information:\nSA27760\n\n7) An input validation error exists in Terminal when processing URL\nschemes. This can be exploited to launch an application with\narbitrary command line parameters and may allow execution of\narbitrary code when a user visits a specially crafted web page. \n\n8) Multiple vulnerabilities in X11 X Font Server can be exploited by\nmalicious, local users to gain escalated privileges. \n\nFor more information:\nSA27040\n\n9) An error exists in X11, which causes certain settings (\"Allow\nconnections from network client\") not to be applied. \n\nSecurity Update 2008-001 (PPC):\nhttp://www.apple.com/support/downloads/securityupdate2008001ppc.html\n\nSecurity Update 2008-001 (Universal):\nhttp://www.apple.com/support/downloads/securityupdate2008001universal.html\n\nMac OS X 10.5.2 Combo Update:\nhttp://www.apple.com/support/downloads/macosx1052comboupdate.html\n\nMac OS X Server 10.5.2 Combo Update:\nhttp://www.apple.com/support/downloads/macosxserver1052comboupdate.html\n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Steven Fisher of Discovery Software Ltd. and\nIan Coutier. \n4) The vendor credits Oleg Drokin, Sun Microsystems. \n5) The vendor credits Jesse Pearson. \n6) Alin Rad Pop, Secunia Research. \n7) The vendor credits Olli Leppanen of Digital Film Finland, and\nBrian Mastenbrook. \n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307430\n\nOTHER REFERENCES:\nSA27040:\nhttp://secunia.com/advisories/27040/\n\nSA27760:\nhttp://secunia.com/advisories/27760/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"db": "CERT/CC",
"id": "VU#774345"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"db": "BID",
"id": "27736"
},
{
"db": "VULHUB",
"id": "VHN-30164"
},
{
"db": "PACKETSTORM",
"id": "63540"
},
{
"db": "PACKETSTORM",
"id": "63584"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-0039",
"trust": 2.8
},
{
"db": "BID",
"id": "27736",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "28891",
"trust": 2.6
},
{
"db": "USCERT",
"id": "TA08-043B",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1019361",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2008-0495",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#774345",
"trust": 1.1
},
{
"db": "USCERT",
"id": "SA08-043B",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085",
"trust": 0.8
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-02-11",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA08-043B",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200802-223",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-30164",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63540",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "63584",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774345"
},
{
"db": "VULHUB",
"id": "VHN-30164"
},
{
"db": "BID",
"id": "27736"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"db": "PACKETSTORM",
"id": "63540"
},
{
"db": "PACKETSTORM",
"id": "63584"
},
{
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
]
},
"id": "VAR-200802-0011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-30164"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:26:11.555000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Update 2008-001",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307430-en"
},
{
"title": "Security Update 2008-001",
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307430-ja"
},
{
"title": "TA08-043B",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta08-043b.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-30164"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"db": "NVD",
"id": "CVE-2008-0039"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/27736"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-043b.html"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1019361"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/28891"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/feb/msg00002.html"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"trust": 0.8,
"url": "http://docs.info.apple.com/article.html?artnum=307109"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0039"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/0495"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta08-043b/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta08-043b/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-0039"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa08-043b.html"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/0495/references"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/774345"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=307109\u003e"
},
{
"trust": 0.1,
"url": "http://www.samba.org/samba/history/security.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta08-043b.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.x.org/wiki/development/security\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=307430\u003e"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/\u003e"
},
{
"trust": 0.1,
"url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_security_update_2008_001\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosx1052comboupdate.html"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27760/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/27040/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008001universal.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/96/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/securityupdate2008001ppc.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28891/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.apple.com/support/downloads/macosxserver1052comboupdate.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774345"
},
{
"db": "VULHUB",
"id": "VHN-30164"
},
{
"db": "BID",
"id": "27736"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"db": "PACKETSTORM",
"id": "63540"
},
{
"db": "PACKETSTORM",
"id": "63584"
},
{
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#774345"
},
{
"db": "VULHUB",
"id": "VHN-30164"
},
{
"db": "BID",
"id": "27736"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"db": "PACKETSTORM",
"id": "63540"
},
{
"db": "PACKETSTORM",
"id": "63584"
},
{
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-02-12T00:00:00",
"db": "CERT/CC",
"id": "VU#774345"
},
{
"date": "2008-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-30164"
},
{
"date": "2008-02-11T00:00:00",
"db": "BID",
"id": "27736"
},
{
"date": "2008-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"date": "2008-02-12T22:23:40",
"db": "PACKETSTORM",
"id": "63540"
},
{
"date": "2008-02-13T21:32:17",
"db": "PACKETSTORM",
"id": "63584"
},
{
"date": "2008-02-12T20:00:00",
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"date": "2008-01-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-02-12T00:00:00",
"db": "CERT/CC",
"id": "VU#774345"
},
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-30164"
},
{
"date": "2008-02-13T00:46:00",
"db": "BID",
"id": "27736"
},
{
"date": "2008-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001085"
},
{
"date": "2011-03-08T03:03:49.377000",
"db": "NVD",
"id": "CVE-2008-0039"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X fails to properly handle a crafted URL",
"sources": [
{
"db": "CERT/CC",
"id": "VU#774345"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200802-223"
}
],
"trust": 0.6
}
}
var-200508-0306
Vulnerability from variot
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. Apache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. Appkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. Bluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. CoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. CUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. Directory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. HItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. Kerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. loginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. Mail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. MySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. OpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. ping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. QuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. Safari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. SecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. servermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. servermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. SquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. traceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. WebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. Weblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. X11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. zlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. These vulnerabilities will be separated into individual BIDs upon further analysis of the issues
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200508-0306",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4.2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.4"
},
{
"model": "mail",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "mail",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "linux i386",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "9.0"
},
{
"model": "fedora core2",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "fedora core1",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.9"
}
],
"sources": [
{
"db": "BID",
"id": "14567"
},
{
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2512"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenSSL Security Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-13721",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2512",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200508-197",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-13721",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13721"
},
{
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user\u0027s preferences state otherwise, which could result in a privacy leak. Multiple security vulnerabilities are reported to affect Apple Mac OS X; updates are available. \nApache is prone to five vulnerabilities ranging from buffer overflows to access validation vulnerabilities. The CVE Mitre candidate IDs CAN-2005-1344, CAN-2004-0942, CAN-2004-0885, CAN-2004-1083, and CAN-2004-1084 are assigned to these issues. \nAppkit is prone to three vulnerabilities. Two of these could result in arbitrary code execution, the third could permit the creation of local accounts. The CVE Mitre candidate IDs CAN-2005-2501, CAN-2005-2502, and CAN-2005-2503 are assigned to these issues. \nBluetooth is prone to a vulnerability regarding authentication bypass. The CVE Mitre candidate ID CAN-2005-2504 is assigned to this issue. \nCoreFoundation is prone to two vulnerabilities, one resulting in a buffer overflow, the other a denial-of-service vulnerability. The CVE Mitre candidate IDs CAN-2005-2505 and CAN-2005-2506 are assigned to these issues. \nCUPS is prone to two vulnerabilities resulting in a denial of service until the service can be restarted. The CVE Mitre candidate IDs CAN-2005-2525 and CAN-2005-2526 are assigned to these issues. \nDirectory Services is prone to three vulnerabilities. These issues vary from buffer overflow, unauthorized account creation and deletion, and privilege escalation. The CVE Mitre candidate IDs CAN-2005-2507, CAN-2005-2508 and CAN-2005-2519 are assigned to these issues. \nHItoolbox is prone to a vulnerability that could result in information disclosure. The CVE Mitre candidate ID CAN-2005-2513 is assigned to this issue. \nKerberos is prone to five vulnerabilities that may result in a buffer overflow, execution of arbitrary code, and root compromise. The CVE Mitre candidate IDs CAN-2004-1189, CAN-2005-1174, CAN-2005-1175, CAN-2005-1689, and CAN-2005-2511 are assigned to these issues. \nloginwindow is prone to a vulnerability that could permit a user to gain access to other logged-in accounts. The CVE Mitre candidate ID CAN-2005-2509 is assigned to this issue. \nMail is prone to a vulnerability regarding the loss of privacy when remote images are loaded into HTML email. The CVE Mitre candidate ID CAN-2005-2512 is assigned to this issue. \nMySQL is prone to three vulnerabilities that include arbitrary code execution by remote authenticated users. The CVE Mitre candidate IDs CAN-2005-0709, CAN-2005-0710, and CAN-2005-0711 are assigned to these issues. \nOpenSSL is prone to two vulnerabilities resulting in denial of service. The CVE Mitre candidate IDs CAN-2004-0079 and CAN-2004-0112 are assigned to these issues. \nping is prone to a vulnerability that could allow local privilege escalation and arbitrary code execution. The CVE Mitre candidate ID CAN-2005-2514 is assigned to this issue. \nQuartzComposerScreenSaver is prone to a vulnerability that could allow users to open pages while the RSS Visualizer screen is locked. The CVE Mitre candidate ID CAN-2005-2515 is assigned to this issue. \nSafari is prone to two vulnerabilities that could result in arbitrary command execution or have information submitted to an incorrect site. The CVE Mitre candidate IDs CAN-2005-2516 and CAN-2005-2517 are assigned to these issues. \nSecurityInterface is prone to a vulnerability that could expose recently used passwords. The CVE Mitre candidate ID CAN-2005-2520 is assigned to this issue. \nservermgrd is prone to a buffer-overflow vulnerability that could ultimately lead to the execution of arbitrary code. The CVE Mitre candidate ID CAN-2005-2518 is assigned to this issue. \nservermgr_ipfilter is prone to a vulnerability regarding firewall settings not always being written to the Active Rules. The CVE Mitre candidate ID CAN-2005-2510 is assigned to this issue. \nSquirrelMail is prone to two vulnerabilities including a cross-site scripting issue. The CVE Mitre candidate IDs CAN-2005-1769 and CAN-2005-2095 are assigned to these issues. \ntraceroute is prone to a vulnerability that could result in arbitrary code execution and privilege escalation. The CVE Mitre candidate ID CAN-2005-2521 is assigned to this issue. \nWebKit is affected by a vulnerability that could result in code execution regarding a malformed PDF file. The CVE Mitre candidate ID CAN-2005-2522 is assigned to this issue. \nWeblog Server is prone to multiple cross-site scripting vulnerabilities. The CVE Mitre candidate ID CAN-2005-2523 is assigned to this issue. \nX11 is prone to a vulnerability that could result in arbitrary code execution. The CVE Mitre candidate ID CAN-2005-0605 is assigned to this issue. \nzlib is prone to two denial-of-service vulnerabilities that may ultimately lead to arbitrary code execution. The CVE Mitre candidate IDs CAN-2005-2096 and CAN-2005-1849 are assigned to these issues. \nThese vulnerabilities will be separated into individual BIDs upon further analysis of the issues",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "VULHUB",
"id": "VHN-13721"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2512",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200508-197",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-08-15",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-08-17",
"trust": 0.6
},
{
"db": "BID",
"id": "14567",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-13721",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13721"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
]
},
"id": "VAR-200508-0306",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13721"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:44:52.188000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005/aug/msg00000.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2005//aug/msg00001.html"
},
{
"trust": 0.3,
"url": "http://www.info.apple.com/usen/security/security_updates.html"
},
{
"trust": 0.3,
"url": "http://www.suresec.org/advisories/adv5.pdf"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13721"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13721"
},
{
"db": "BID",
"id": "14567"
},
{
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-13721"
},
{
"date": "2005-08-15T00:00:00",
"db": "BID",
"id": "14567"
},
{
"date": "2005-08-19T04:00:00",
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"date": "2003-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-13721"
},
{
"date": "2006-05-05T23:10:00",
"db": "BID",
"id": "14567"
},
{
"date": "2008-09-05T20:51:57.440000",
"db": "NVD",
"id": "CVE-2005-2512"
},
{
"date": "2007-03-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac OS X Mail.app Information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-197"
}
],
"trust": 0.6
}
}
var-201010-0429
Vulnerability from variot
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses. Mail is prone to a security bypass vulnerability. Mail (also known as Mail.app or Apple Mail) is an email client in the Mac OS X operating system launched by Apple
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201010-0429",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mail",
"scope": null,
"trust": 1.7,
"vendor": "apple",
"version": null
},
{
"model": "mail",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
}
],
"sources": [
{
"db": "BID",
"id": "78790"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3887"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "78790"
}
],
"trust": 0.3
},
"cve": "CVE-2010-3887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2010-3887",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-46492",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-3887",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201010-084",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-46492",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46492"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child\u0027s e-mail address and a parent\u0027s e-mail address, related to parental notification of unapproved e-mail addresses. Mail is prone to a security bypass vulnerability. Mail (also known as Mail.app or Apple Mail) is an email client in the Mac OS X operating system launched by Apple",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"db": "BID",
"id": "78790"
},
{
"db": "VULHUB",
"id": "VHN-46492"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-3887",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201010-084",
"trust": 0.7
},
{
"db": "BID",
"id": "78790",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-46492",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46492"
},
{
"db": "BID",
"id": "78790"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
]
},
"id": "VAR-201010-0429",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-46492"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:39.788000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple OS X",
"trust": 0.8,
"url": "http://www.apple.com/macosx/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46492"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"db": "NVD",
"id": "CVE-2010-3887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3887"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3887"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-46492"
},
{
"db": "BID",
"id": "78790"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-46492"
},
{
"db": "BID",
"id": "78790"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-46492"
},
{
"date": "2010-10-08T00:00:00",
"db": "BID",
"id": "78790"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"date": "2010-10-08T22:00:36.847000",
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"date": "2010-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-46492"
},
{
"date": "2010-10-08T00:00:00",
"db": "BID",
"id": "78790"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003253"
},
{
"date": "2010-10-11T18:01:23.733000",
"db": "NVD",
"id": "CVE-2010-3887"
},
{
"date": "2010-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple of Mac OS X of Limit Mail Vulnerability bypassing access restrictions in functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003253"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201010-084"
}
],
"trust": 0.6
}
}
var-201805-0227
Vulnerability from variot
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user's e-mail client. The discoverer can attack with this vulnerability "CBC/CFB gadget attack" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * CVE-2017-17688: OpenPGP CFB Attacks * CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, Articles provided by the discoverer Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. OpenPGP is prone to an information disclosure vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. OpenPGP is a set of email encryption standards that supports multiple platforms
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webmail",
"scope": "eq",
"trust": 1.6,
"vendor": "roundcube",
"version": null
},
{
"model": "emclient",
"scope": "eq",
"trust": 1.0,
"vendor": "emclient",
"version": null
},
{
"model": "imp",
"scope": "eq",
"trust": 1.0,
"vendor": "horde",
"version": null
},
{
"model": "mail",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "postbox",
"scope": "eq",
"trust": 1.0,
"vendor": "postbox",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 1.0,
"vendor": "bloop",
"version": null
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 1.0,
"vendor": "mozilla",
"version": null
},
{
"model": "maildroid",
"scope": "eq",
"trust": 1.0,
"vendor": "flipdogsolutions",
"version": null
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 1.0,
"vendor": "r2mail2",
"version": null
},
{
"model": "mailmate",
"scope": "eq",
"trust": 1.0,
"vendor": "freron",
"version": null
},
{
"model": "outlook",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "2007"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "9folders",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "airmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "evolution",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "flipdog",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gpgtools",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gnupg",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ibm",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mailmate",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mozilla",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postbox",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "r2mail2",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ritlabs srl",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "roundcube",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the enigmail",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the horde",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trojita",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "em client",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "round cube webmail",
"scope": "eq",
"trust": 0.3,
"vendor": "roundcube",
"version": "0"
},
{
"model": "r2mail2",
"scope": "eq",
"trust": 0.3,
"vendor": "r2mail2",
"version": "0"
},
{
"model": "postbox",
"scope": "eq",
"trust": 0.3,
"vendor": "postbox",
"version": "0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.5.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.024"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.12"
},
{
"model": "thunderbird beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.52"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.13"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "9.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "8.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "7.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "52"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "45.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "38.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "32.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "31"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.19"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.17"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "3.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.6"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "24.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "23.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.23"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.22"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.21"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.20"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.18"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "2.0.0.11"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.9"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "17.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "16"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "15"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "13.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "12.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "11.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.3"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0.1"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "10.0"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.8"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.7"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.5"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.4"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.2"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.14"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.12"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.10"
},
{
"model": "thunderbird",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.5.0.1"
},
{
"model": "thunderbird beta",
"scope": "eq",
"trust": 0.3,
"vendor": "mozilla",
"version": "1.0.5"
},
{
"model": "outlook",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20070"
},
{
"model": "project horde imp",
"scope": "eq",
"trust": 0.3,
"vendor": "horde",
"version": "0"
},
{
"model": "solutions maildroid",
"scope": "eq",
"trust": 0.3,
"vendor": "flipdog",
"version": "0"
},
{
"model": "enigmail",
"scope": "eq",
"trust": 0.3,
"vendor": "enigmail",
"version": "0"
},
{
"model": "client em client",
"scope": "eq",
"trust": 0.3,
"vendor": "em",
"version": "0"
},
{
"model": "mail",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
},
{
"model": "airmail",
"scope": "eq",
"trust": 0.3,
"vendor": "airmail",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:roundcube:webmail:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Damian Poddebniak, Christian Dresen, Jens M\u00fcller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jorg Schwenk.",
"sources": [
{
"db": "BID",
"id": "104162"
}
],
"trust": 0.3
},
"cve": "CVE-2017-17688",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-108735",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-17688",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-17688",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-725",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108735",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-17688",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification. In multiple mail clients OpenPGP and S/MIME A plaintext message may be leaked when decrypting the message. OpenPGP and S/MIME For e-mail clients that support, it is possible to establish a channel for sending plaintext by decrypting encrypted e-mail inserted with content crafted by an attacker with the user\u0027s e-mail client. The discoverer can attack with this vulnerability \"CBC/CFB gadget attack\" I call it. For example HTML image By inserting a tag, the decrypted message is HTTP It may be sent as part of the request. * *CVE-2017-17688: OpenPGP CFB Attacks * *CVE-2017-17689: S/MIME CBC Attacks Some email clients also use multipart MIME Because the message is not properly separated and processed, attackers can process encrypted mail in plain text. MIME It can be included in the part. in this case, CBC/CFB gadget attack The plaintext message may be sent without executing. Detail is, \u003ca href=\"https://efail.de/efail-attack-paper.pdf\" target=\"blank\"\u003e Articles provided by the discoverer \u003c/a\u003e Please refer to.A remote attacker may obtain plaintext from encrypted mail without the key information required for decryption. OpenPGP is prone to an information disclosure vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and obtain sensitive information. Successful exploits will lead to other attacks. OpenPGP is a set of email encryption standards that supports multiple platforms",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17688"
},
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17688",
"trust": 2.9
},
{
"db": "BID",
"id": "104162",
"trust": 2.1
},
{
"db": "CERT/CC",
"id": "VU#122919",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1040904",
"trust": 1.8
},
{
"db": "JVN",
"id": "JVNVU95575473",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-108735",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-17688",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"id": "VAR-201805-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-108735"
}
],
"trust": 0.01
},
"last_update_date": "2024-05-17T19:19:57.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Debian CVElist Bug Report Logs: enigmail: efail attack against enigmail",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=56a8018aac811c8d81b81ef5a6c3623a"
},
{
"title": "Red Hat: CVE-2017-17688",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-17688"
},
{
"title": "Efail-malleability-gadget-exploit",
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit "
},
{
"title": "more\nBoring bugs",
"trust": 0.1,
"url": "https://github.com/hannob/pgpbugs "
},
{
"title": "SecDB - Security Feeds",
"trust": 0.1,
"url": "https://github.com/giterlizzi/secdb-feeds "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2018/05/14/smime_pgp_encryption_flaw_emails_vulnerable_to_snooping/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-17688"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "https://efail.de/"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/104162"
},
{
"trust": 1.8,
"url": "https://www.synology.com/support/security/synology_sa_18_22"
},
{
"trust": 1.8,
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"trust": 1.8,
"url": "https://efail.de"
},
{
"trust": 1.8,
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-may/060334.html"
},
{
"trust": 1.8,
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"trust": 1.8,
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"trust": 1.8,
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"trust": 1.8,
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1040904"
},
{
"trust": 1.6,
"url": "https://efail.de/efail-attack-paper.pdf"
},
{
"trust": 1.2,
"url": "https://www.kb.cert.org/vuls/id/122919"
},
{
"trust": 0.8,
"url": "https://tools.ietf.org/html/rfc4880"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17688"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu95575473/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17689"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17688"
},
{
"trust": 0.3,
"url": "https://www.openpgp.org/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577906"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-17688"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898630"
},
{
"trust": 0.1,
"url": "https://github.com/jaads/efail-malleability-gadget-exploit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#122919"
},
{
"db": "VULHUB",
"id": "VHN-108735"
},
{
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"db": "BID",
"id": "104162"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-14T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-108735"
},
{
"date": "2018-05-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"date": "2018-05-14T00:00:00",
"db": "BID",
"id": "104162"
},
{
"date": "2018-05-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2017-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"date": "2018-05-16T19:29:00.223000",
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-15T00:00:00",
"db": "CERT/CC",
"id": "VU#122919"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108735"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17688"
},
{
"date": "2018-05-15T10:00:00",
"db": "BID",
"id": "104162"
},
{
"date": "2018-08-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-012995"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-725"
},
{
"date": "2024-05-17T01:16:13.807000",
"db": "NVD",
"id": "CVE-2017-17688"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OpenPGP and S/MIME mail client vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#122919"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-725"
}
],
"trust": 0.6
}
}
var-200505-0907
Vulnerability from variot
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Apple's Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. An information disclosure vulnerability affects the email message ID generation of Apple Mail. This issue is due to a design error that causes the application to insecurely generate email message IDs. An attacker may leverage this issue to identify the specific computer that an email has been sent from, other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0907",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 2.4,
"vendor": "apple computer",
"version": null
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.3.7"
},
{
"model": "mail",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
},
{
"model": "mac os server",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
},
{
"model": "mac os",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "x10.3.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#464662"
},
{
"db": "CERT/CC",
"id": "VU#678150"
},
{
"db": "CERT/CC",
"id": "VU#980078"
},
{
"db": "BID",
"id": "12366"
},
{
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0127"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Carl Purvis is credited with the discovery of this issue.",
"sources": [
{
"db": "BID",
"id": "12366"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
],
"trust": 0.9
},
"cve": "CVE-2005-0127",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-11336",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-0127",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#464662",
"trust": 0.8,
"value": "2.81"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#678150",
"trust": 0.8,
"value": "8.10"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#980078",
"trust": 0.8,
"value": "4.13"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-185",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-11336",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#464662"
},
{
"db": "CERT/CC",
"id": "VU#678150"
},
{
"db": "CERT/CC",
"id": "VU#980078"
},
{
"db": "VULHUB",
"id": "VHN-11336"
},
{
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. The Mail application supplied with Apple\u0027s Mac OS X operating system identifies the system from which any electronic mail is sent. Apple\u0027s Mac OS X operating system contains a flaw in the handling of ICC color profiles, which may allow arbitrary code execution through a heap-based buffer overflow. An information disclosure vulnerability affects the email message ID generation of Apple Mail. This issue is due to a design error that causes the application to insecurely generate email message IDs. \nAn attacker may leverage this issue to identify the specific computer that an email has been sent from, other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"db": "CERT/CC",
"id": "VU#464662"
},
{
"db": "CERT/CC",
"id": "VU#678150"
},
{
"db": "CERT/CC",
"id": "VU#980078"
},
{
"db": "BID",
"id": "12366"
},
{
"db": "VULHUB",
"id": "VHN-11336"
}
],
"trust": 3.42
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "14005",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#464662",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2005-0127",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1013001",
"trust": 1.7
},
{
"db": "CERT/CC",
"id": "VU#678150",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#980078",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2005-01-25",
"trust": 0.6
},
{
"db": "XF",
"id": "19085",
"trust": 0.6
},
{
"db": "BID",
"id": "12366",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-11336",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#464662"
},
{
"db": "CERT/CC",
"id": "VU#678150"
},
{
"db": "CERT/CC",
"id": "VU#980078"
},
{
"db": "VULHUB",
"id": "VHN-11336"
},
{
"db": "BID",
"id": "12366"
},
{
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
]
},
"id": "VAR-200505-0907",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-11336"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:58:18.474000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0127"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://lists.apple.com/archives/security-announce/2005/jan/msg00001.html"
},
{
"trust": 2.4,
"url": "http://docs.info.apple.com/article.html?artnum=300770"
},
{
"trust": 2.4,
"url": "http://secunia.com/advisories/14005/"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/464662"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1013001"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/14005"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19085"
},
{
"trust": 0.8,
"url": "http://www.immunitysec.com/resources-advisories.shtml"
},
{
"trust": 0.8,
"url": "http://www.immunitysec.com/downloads/nukido.pdf"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/19085"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/features/mail/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#464662"
},
{
"db": "CERT/CC",
"id": "VU#678150"
},
{
"db": "CERT/CC",
"id": "VU#980078"
},
{
"db": "VULHUB",
"id": "VHN-11336"
},
{
"db": "BID",
"id": "12366"
},
{
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#464662"
},
{
"db": "CERT/CC",
"id": "VU#678150"
},
{
"db": "CERT/CC",
"id": "VU#980078"
},
{
"db": "VULHUB",
"id": "VHN-11336"
},
{
"db": "BID",
"id": "12366"
},
{
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#464662"
},
{
"date": "2005-01-27T00:00:00",
"db": "CERT/CC",
"id": "VU#678150"
},
{
"date": "2005-01-27T00:00:00",
"db": "CERT/CC",
"id": "VU#980078"
},
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-11336"
},
{
"date": "2005-01-26T00:00:00",
"db": "BID",
"id": "12366"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-31T00:00:00",
"db": "CERT/CC",
"id": "VU#464662"
},
{
"date": "2005-01-28T00:00:00",
"db": "CERT/CC",
"id": "VU#678150"
},
{
"date": "2005-01-27T00:00:00",
"db": "CERT/CC",
"id": "VU#980078"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-11336"
},
{
"date": "2009-07-12T10:06:00",
"db": "BID",
"id": "12366"
},
{
"date": "2017-07-11T01:32:06.373000",
"db": "NVD",
"id": "CVE-2005-0127"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X vulnerable to information disclosure in \"Message-ID\" header",
"sources": [
{
"db": "CERT/CC",
"id": "VU#464662"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "12366"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-185"
}
],
"trust": 0.9
}
}
Vulnerability from fkie_nvd
Published
2018-05-16 19:29
Modified
2024-11-21 03:18
Severity ?
Summary
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| 9folders | nine | - | |
| apple | - | ||
| apple | - | ||
| bloop | airmail | - | |
| emclient | emclient | - | |
| flipdogsolutions | maildroid | - | |
| freron | mailmate | - | |
| gnome | evolution | - | |
| gmail | - | ||
| horde | horde_imp | - | |
| ibm | notes | - | |
| kde | kmail | - | |
| kde | trojita | - | |
| microsoft | outlook | 2007 | |
| microsoft | outlook | 2010 | |
| microsoft | outlook | 2013 | |
| microsoft | outlook | 2016 | |
| mozilla | thunderbird | - | |
| postbox-inc | postbox | - | |
| r2mail2 | r2mail2 | - | |
| ritlabs | the_bat | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:9folders:nine:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE489EA-2250-4BF0-800C-EDA6EA7D6AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "217117AE-C16C-4265-A9A9-152D06FCD64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "081D62F6-B751-4109-B10B-3CF9535B3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F389CED1-846A-4807-B8E7-00FBECAA41A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"matchCriteriaId": "930AFDDA-C32A-45E7-BA6E-5827E59B573B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2616EA-332D-4D6E-B66C-137A166E181D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C26D918-1548-4A62-BC5C-72DF9168A34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnome:evolution:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38B06B0D-E60A-4B61-9E39-F5116C8F22A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:gmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C671802A-2362-4E66-B5D5-079E5E6B89A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAD39AA-B9FD-492B-9BDA-57F74F4FABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:notes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91669C83-56A0-4087-8B6D-2012EB0AE9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:kmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F01C924-2AE4-4214-9139-ED08293D198C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kde:trojita:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93076D12-C4AD-4DE8-A76C-9819493FF516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2010:*:*:*:*:*:*:*",
"matchCriteriaId": "3A009EAF-41A1-4E6D-B1EB-A2DACE197A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2013:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD3770E-9513-43B2-BC9E-0CA3F63D59FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2016:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B1657C-0FF4-461A-BE2A-641275C4B0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BA111F-A9FB-457D-818E-412195F9EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19296516-EAD4-4B08-8D9A-5E853C7BEF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ritlabs:the_bat:-:*:*:*:*:*:*:*",
"matchCriteriaId": "48A3CC49-2FAC-40C9-9CDA-E4440577205E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL."
},
{
"lang": "es",
"value": "La especificaci\u00f3n S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltraci\u00f3n en texto plano. Esto tambi\u00e9n se conoce como EFAIL."
}
],
"id": "CVE-2017-17689",
"lastModified": "2024-11-21T03:18:27.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-16T19:29:00.303",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://pastebin.com/gNCc8aYm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/996371541591019520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-10-08 22:00
Modified
2024-11-21 01:19
Severity ?
Summary
The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child's e-mail address and a parent's e-mail address, related to parental notification of unapproved e-mail addresses.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F1B23-5CB1-45C5-AF97-DA82DE791400",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Limit Mail feature in the Parental Controls functionality in Mail on Apple Mac OS X does not properly enforce the correspondence whitelist, which allows remote attackers to bypass intended access restrictions and conduct e-mail communication by leveraging knowledge of a child\u0027s e-mail address and a parent\u0027s e-mail address, related to parental notification of unapproved e-mail addresses."
},
{
"lang": "es",
"value": "La caracter\u00edstica \u0027l\u00edmite de correo\u0027 en la funcionalidad control parental en la aplicaci\u00f3n Mail de Apple Mac OS X no aplica correctamente la lista blanca de la correspondencia, lo que permite a atacantes remotos evitar determinadas restricciones de acceso y llevar a cabo una comunicaci\u00f3n por correo electr\u00f3nico aprovechandose de que se conoce una direcci\u00f3n de correo electr\u00f3nico de un ni\u00f1o y de un padre. Esta vulnerabilidad esta relacionada con la notificaci\u00f3n a los padres de las direcciones de correo electr\u00f3nico no aprobadas."
}
],
"id": "CVE-2010-3887",
"lastModified": "2024-11-21T01:19:49.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-10-08T22:00:36.847",
"references": [
{
"source": "cve@mitre.org",
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://blog.kamens.us/2010/08/03/mac-os-x-mail-parental-controls-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-12 20:00
Modified
2024-11-21 00:41
Severity ?
Summary
Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "6EE39585-CF3B-4493-96D8-B394544C7643",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F1B23-5CB1-45C5-AF97-DA82DE791400",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary commands via a crafted file:// URL."
},
{
"lang": "es",
"value": "Vulnerabilidad sin especificar en Apple Mail de Mac OS X 10.4.11 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de un file:// URL manipulado."
}
],
"id": "CVE-2008-0039",
"lastModified": "2024-11-21T00:41:01.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-02-12T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28891"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27736"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019361"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Feb/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27736"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019361"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-043B.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0495/references"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-05-16 19:29
Modified
2024-11-21 03:18
Severity ?
Summary
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "217117AE-C16C-4265-A9A9-152D06FCD64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:mail:-:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "081D62F6-B751-4109-B10B-3CF9535B3C12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bloop:airmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F389CED1-846A-4807-B8E7-00FBECAA41A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:emclient:emclient:-:*:*:*:*:*:*:*",
"matchCriteriaId": "930AFDDA-C32A-45E7-BA6E-5827E59B573B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:flipdogsolutions:maildroid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED2616EA-332D-4D6E-B66C-137A166E181D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C26D918-1548-4A62-BC5C-72DF9168A34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:horde:horde_imp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDAD39AA-B9FD-492B-9BDA-57F74F4FABE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2007:*:*:*:*:*:*:*",
"matchCriteriaId": "D789259A-034E-40BB-9DFF-76B3104B212F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:thunderbird:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF583CDC-DE9E-45AB-9861-CB203BFA8862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postbox-inc:postbox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BA111F-A9FB-457D-818E-412195F9EA0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:r2mail2:r2mail2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19296516-EAD4-4B08-8D9A-5E853C7BEF58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundcube:webmail:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5010756A-99B8-4C05-9DAC-9BE19B8B6373",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification"
},
{
"lang": "es",
"value": "** EN DISPUTA ** La especificaci\u00f3n OpenPGP permite un ataque malleability-gadget Cipher Feedback Mode (CFB) que puede conducir indirectamente a la exfiltraci\u00f3n en texto plano. Esto tambi\u00e9n se conoce como EFAIL. NOTA: terceros indican que este es un problema en aplicaciones que gestionan de manera incorrecta la caracter\u00edstica de Modification Detection Code (MDC) o que afectan un tipo de paquete obsoleto, en lugar de un problema en la especificaci\u00f3n OpenPGP."
}
],
"id": "CVE-2017-17688",
"lastModified": "2024-11-21T03:18:27.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-05-16T19:29:00.223",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040904"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104162"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040904"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://efail.de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://news.ycombinator.com/item?id=17066419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://protonmail.com/blog/pgp-vulnerability-efail"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/matthew_d_green/status/995996706457243648"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://www.patreon.com/posts/cybersecurity-15-18814817"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synology.com/support/security/Synology_SA_18_22"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-11 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "55A3D9D4-B203-4C9A-B6D4-FDA2AE5F81A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext."
}
],
"id": "CVE-2005-1505",
"lastModified": "2024-11-20T23:57:29.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=111539448630095\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20670"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-10-08 18:00
Modified
2024-11-21 00:51
Severity ?
Summary
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4AFB0E-488A-4102-AFEA-D697E21EC43C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail."
},
{
"lang": "es",
"value": "Apple Mail.app v3.5 en Mac OS X, cuando est\u00e1 habilitado \"Guardar los borradores en el servidor\", guarda los borradores del correo electr\u00f3nico S/MIME en texto plano en el servidor de correo, esto permite a los propietarios del servidor y a atacantes de tipo \"hombre en el medio\" (man-in-the-middle) leer los borradores."
}
],
"id": "CVE-2008-4491",
"lastModified": "2024-11-21T00:51:48.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-08T18:00:03.503",
"references": [
{
"source": "cve@mitre.org",
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"source": "cve@mitre.org",
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4363"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31598"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021019"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-19 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:mail:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2F1B23-5CB1-45C5-AF97-DA82DE791400",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user\u0027s preferences state otherwise, which could result in a privacy leak."
}
],
"id": "CVE-2005-2512",
"lastModified": "2024-11-20T23:59:43.457",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-19T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}