10 matches found
CVE-2020-11880
CVE-2020-11880 affects KDE KMail prior to 19.12.3. A non-RFC6068 mailto?attach=… parameter lets a website or mailto link cause KMail to attach local files to a composed message without warning (demonstrated by attach=.bash_history). The vulnerability arises from how KMail handles the proprietary ...
CVE-2019-10732
CVE-2019-10732 affects KDE PIM’s messagelib/KMail: an attacker who has S/MIME or PGP encrypted emails can wrap the ciphertext in a crafted multipart message; by hiding parts with HTML/CSS or newline tricks, the attacker can cause the recipient to leak plaintext back when replying. Connected advis...
CVE-2017-17689
CVE-2017-17689 arises from S/MIME CBC gadget attacks (EFAIL) that can lead to plaintext exfiltration. Connected sources show this affecting KDE PIM/KMail components and related mail tooling across Linux/macOS ecosystems, with public advisories describing how S/MIME/CBC malleability could leak pla...
CVE-2016-7966
CVE-2016-7966 affects KDE’s KMail plaintext viewer. A crafted URL containing a quote character can inject HTML code due to the URL parser’s handling, limiting inclusion of characters like = or space, but allowing an HTML comment indicator to hide content. This creates a potential HTML injection r...
CVE-2021-38373
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored and cleartext messages are sent unless the server requires authentication is checked. This CVE-2021-38373 description is supported by multiple connected sources (SUSe/RHEL/Nessus mappings) indicating the same behavior; no ...
CVE-2017-9604
CVE-2017-9604 details (Mode C): Affected software uses KDE PIM components: kmail and messagelib (KDE Applications before 17.04.2), with the issue occurring in the Send Later flow. The root cause is that the plugin’s sign/encrypt action is not guaranteed to occur during Send Later, enabling potent...
CVE-2020-15954
KDE KMail 19.12.3 (aka 5.13.3) is affected by CVE-2020-15954 due to defaulting to unencrypted POP3 communication even when the UI shows encryption. Concrete references in connected docs identify the affected package as KDE components (kdepim-runtime/kmail) and note that the issue was fixed in dis...
CVE-2014-8878
CVE-2014-8878 affects KDE KMail. The available documents state that KDE KMail does not encrypt attachments in emails when “automatic encryption” is enabled, allowing remote attackers to obtain sensitive information by sniffing the network. The root cause is the lack of encryption for attachments ...
CVE-2016-7967
CVE-2016-7967 affects KMail since version 5.3.0, where the QWebEngine-based viewer ran with JavaScript enabled. The generated HTML is executed in the local file security context, enabling access to remote and local URLs. The provided documents do not specify a remediation; CVSS metrics in the sou...
CVE-2016-7968
CVE-2016-7968 affects KMail (KDE PIM) where a QWebEngine-based HTML mail viewer with JavaScript enabled could execute code in HTML mail content. Root cause: insufficient sanitization in the viewer, enabling JavaScript execution. Impact stated in sources centers on potential code execution via HTM...