
Search CVE reports



1 – 10 of 13 results


CVE-2021-31855

Medium priority
Needs evaluation

KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload...

2 affected packages

kdepim4, kf5-messagelib

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kdepim4 | Not in release | Not in release | Not in release | Needs evaluation | Ignored |
| kf5-messagelib | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |

CVE-2020-15954

Medium priority
Needs evaluation

KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

2 affected packages

kdepim-runtime, kmail-account-wizard

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kdepim-runtime | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kmail-account-wizard | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |

CVE-2020-11880

Medium priority
Vulnerable

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message...

2 affected packages

kdepim, kmail

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kdepim | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| kmail | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not in release |

CVE-2019-10732

Medium priority
Needs evaluation

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters....

2 affected packages

kdepim, kmail

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kdepim | Not in release | Not in release | Not in release | Not in release | Needs evaluation |
| kmail | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |

CVE-2014-8878

Medium priority
Vulnerable

KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.

1 affected package

kdepim

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| kdepim | Not in release | Not in release | Not in release | Not in release | Not affected |

CVE-2017-9604

Medium priority

Some fixes available 3 of 7

KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to...

2 affected packages

kdepim, kf5-messagelib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
kdepim Fixed
kf5-messagelib Not in release

CVE-2016-7968

Medium priority
Ignored

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.

2 affected packages

kdepim, kf5-messagelib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
kdepim Not affected
kf5-messagelib Not in release

CVE-2016-7967

Medium priority
Ignored

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated HTML is executed in the local file security context by default access to remote and local URLs was enabled.

2 affected packages

kdepim, kf5-messagelib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
kdepim Not affected
kf5-messagelib Not in release

CVE-2016-7966

Medium priority

Some fixes available 5 of 6

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into...

4 affected packages

kcoreaddons, kdepim, kdepimlibs, kf5-messagelib

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
kcoreaddons Fixed
kdepim Not affected
kdepimlibs Not affected
kf5-messagelib Not in release

CVE-2012-3413

Medium priority

Some fixes available 2 of 3

The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a...

1 affected package

kdepim

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
kdepim