Lucene search
K
KdeKmail

10 matches found

CVE
CVE
added 2020/04/17 5:7 p.m.158 views

CVE-2020-11880

CVE-2020-11880 affects KDE KMail prior to 19.12.3. A non-RFC6068 mailto?attach=… parameter lets a website or mailto link cause KMail to attach local files to a composed message without warning (demonstrated by attach=.bash_history). The vulnerability arises from how KMail handles the proprietary ...

6.5CVSS6.3AI score0.0085EPSS
CVE
CVE
added 2019/04/07 2:32 p.m.156 views

CVE-2019-10732

CVE-2019-10732 affects KDE PIM’s messagelib/KMail: an attacker who has S/MIME or PGP encrypted emails can wrap the ciphertext in a crafted multipart message; by hiding parts with HTML/CSS or newline tricks, the attacker can cause the recipient to leak plaintext back when replying. Connected advis...

4.3CVSS4.2AI score0.00586EPSS
CVE
CVE
added 2018/05/16 7:0 p.m.127 views

CVE-2017-17689

CVE-2017-17689 arises from S/MIME CBC gadget attacks (EFAIL) that can lead to plaintext exfiltration. Connected sources show this affecting KDE PIM/KMail components and related mail tooling across Linux/macOS ecosystems, with public advisories describing how S/MIME/CBC malleability could leak pla...

5.9CVSS5.6AI score0.04219EPSS
CVE
CVE
added 2016/12/23 10:0 p.m.86 views

CVE-2016-7966

CVE-2016-7966 affects KDE’s KMail plaintext viewer. A crafted URL containing a quote character can inject HTML code due to the URL parser’s handling, limiting inclusion of characters like = or space, but allowing an HTML comment indicator to hide content. This creates a potential HTML injection r...

7.5CVSS7.2AI score0.02345EPSS
CVE
CVE
added 2021/08/10 2:51 p.m.78 views

CVE-2021-38373

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored and cleartext messages are sent unless the server requires authentication is checked. This CVE-2021-38373 description is supported by multiple connected sources (SUSe/RHEL/Nessus mappings) indicating the same behavior; no ...

5.3CVSS5.1AI score0.00527EPSS
CVE
CVE
added 2017/06/13 1:0 p.m.69 views

CVE-2017-9604

CVE-2017-9604 details (Mode C): Affected software uses KDE PIM components: kmail and messagelib (KDE Applications before 17.04.2), with the issue occurring in the Send Later flow. The root cause is that the plugin’s sign/encrypt action is not guaranteed to occur during Send Later, enabling potent...

7.5CVSS6.5AI score0.01294EPSS
CVE
CVE
added 2020/07/27 6:6 a.m.62 views

CVE-2020-15954

KDE KMail 19.12.3 (aka 5.13.3) is affected by CVE-2020-15954 due to defaulting to unencrypted POP3 communication even when the UI shows encryption. Concrete references in connected docs identify the affected package as KDE components (kdepim-runtime/kmail) and note that the issue was fixed in dis...

6.5CVSS6.2AI score0.00653EPSS
CVE
CVE
added 2017/09/27 5:0 p.m.56 views

CVE-2014-8878

CVE-2014-8878 affects KDE KMail. The available documents state that KDE KMail does not encrypt attachments in emails when “automatic encryption” is enabled, allowing remote attackers to obtain sensitive information by sniffing the network. The root cause is the lack of encryption for attachments ...

5.9CVSS5.5AI score0.0121EPSS
CVE
CVE
added 2016/12/23 10:0 p.m.52 views

CVE-2016-7967

CVE-2016-7967 affects KMail since version 5.3.0, where the QWebEngine-based viewer ran with JavaScript enabled. The generated HTML is executed in the local file security context, enabling access to remote and local URLs. The provided documents do not specify a remediation; CVSS metrics in the sou...

8.1CVSS7.4AI score0.0192EPSS
CVE
CVE
added 2016/12/23 10:0 p.m.50 views

CVE-2016-7968

CVE-2016-7968 affects KMail (KDE PIM) where a QWebEngine-based HTML mail viewer with JavaScript enabled could execute code in HTML mail content. Root cause: insufficient sanitization in the viewer, enabling JavaScript execution. Impact stated in sources centers on potential code execution via HTM...

7.5CVSS6.9AI score0.01174EPSS