MidnightBSD

Advisories for 9folders

CVE-2017-17689 MEDIUM

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
kde kmail -
9folders nine -
freron mailmate -
mozilla thunderbird -
kde trojita -
apple mail -
r2mail2 r2mail2 -
ritlabs the_bat -
microsoft outlook 2007
flipdogsolutions maildroid -
ibm notes -
bloop airmail -
microsoft outlook 2016
horde horde_imp -
gnome evolution -
microsoft outlook 2013
postbox-inc postbox -
google gmail -
emclient emclient -
microsoft outlook 2010
CVE-2019-12366 MEDIUM

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
9folders nine *