K9Mail version <= v5.600 contains an XML External Entity (XXE) vulnerability in the WebDAV response parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via malicious WebDAV server or intercept the response of a valid.....
CVSS: 10
AI Score: 9.3
EPSS: 0.002
K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign-looking email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an...
CVSS: 4.3
AI Score: 4.7
EPSS: 0.001
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete...
AI Score: 6.8
EPSS: 0.032
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without.....
AI Score: 6.4
EPSS: 0.036
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K...
AI Score: 7
EPSS: 0.006
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file...
AI Score: 7.2
EPSS: 0.008
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user...
AI Score: 6.9
EPSS: 0.0004