Freron Mailmate

CPE Details

Freron Mailmate
freron
mailmate
-
2018-06-25
11h32 +00:00
2021-06-02
11h54 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:freron:mailmate:-:*:*:*:*:*:*:*

Informations

Vendor

freron

Product

mailmate

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-12619 2020-08-20 20h44 +00:00 MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email.
5.9
Medium
CVE-2018-15588 2019-02-11 16h00 +00:00 MailMate before 1.11.3 mishandles a suspicious HTML/MIME structure in a signed/encrypted email.
7.5
High
CVE-2017-17688 2018-05-16 17h00 +00:00 The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an obsolete packet type, not a problem in the OpenPGP specification
5.9
Medium
CVE-2017-17689 2018-05-16 17h00 +00:00 The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
5.9
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.