Search CVE reports
1 – 10 of 13 results
CVE-2021-31855
Medium priorityKDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload...
2 affected packages
kdepim4, kf5-messagelib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim4 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
| kf5-messagelib | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2020-15954
Medium priorityKDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
2 affected packages
kdepim-runtime, kmail-account-wizard
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim-runtime | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kmail-account-wizard | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2020-11880
Medium priorityAn issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message...
2 affected packages
kdepim, kmail
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| kmail | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not in release |
CVE-2019-10732
Medium priorityIn KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters....
2 affected packages
kdepim, kmail
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| kmail | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
CVE-2014-8878
Medium priorityKDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
1 affected packages
kdepim
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim | Not in release | Not in release | Not in release | Not in release | Not affected |
CVE-2017-9604
Medium prioritySome fixes available 3 of 7
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to...
2 affected packages
kdepim, kf5-messagelib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | — | — | — | Fixed |
| kf5-messagelib | — | — | — | — | Not in release |
CVE-2016-7968
Medium priorityKMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
2 affected packages
kdepim, kf5-messagelib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | — | — | — | Not affected |
| kf5-messagelib | — | — | — | — | Not in release |
CVE-2016-7967
Medium priorityKMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
2 affected packages
kdepim, kf5-messagelib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | — | — | — | Not affected |
| kf5-messagelib | — | — | — | — | Not in release |
CVE-2016-7966
Medium prioritySome fixes available 5 of 6
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into...
4 affected packages
kcoreaddons, kdepim, kdepimlibs, kf5-messagelib
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kcoreaddons | — | — | — | — | Fixed |
| kdepim | — | — | — | — | Not affected |
| kdepimlibs | — | — | — | — | Not affected |
| kf5-messagelib | — | — | — | — | Not in release |
CVE-2012-3413
Medium prioritySome fixes available 2 of 3
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a...
1 affected packages
kdepim
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | — | — | — | — |