Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kde kmail vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-0404
KMail 1.7.1 in KDE 3.3.2 allows remote malicious users to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
Kmail Kmail 1.7.1
Kde Kde 3.3.2
1 EDB exploit
5
CVSSv2
CVE-2017-9604
KDE kmail prior to 5.5.2 and messagelib prior to 5.5.2, as distributed in KDE Applications prior to 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote malicious users to obtain sensitive information by ...
Kde Messagelib
Kde Kmail
6.4
CVSSv2
CVE-2020-11880
An issue exists in KDE KMail prior to 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demon...
Kde Kmail
2 Articles
4.3
CVSSv2
CVE-2014-8878
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote malicious users to obtain sensitive information by sniffing the network.
Kde Kmail 4.11.5
3.5
CVSSv2
CVE-2021-38373
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Kde Kmail 19.12.3
4.3
CVSSv2
CVE-2020-15954
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
Kde Kmail 19.12.3
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2019-10732
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the...
Kde Kmail 5.2.3
Debian Debian Linux 8.0
7.8
CVSSv2
CVE-2007-1265
KMail 1.9.5 and previous versions does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote malicious users to forge ...
Kde K-mail 1.0.27
Kde K-mail 1.0.28
Kde K-mail 1.2
Kde K-mail 1.3.1
Kde K-mail 1.92
Kde K-mail 1.93
Kde K-mail 1.0.25
Kde K-mail 1.0.26
Kde K-mail 1.101
Kde K-mail 1.102
Kde K-mail 1.89
Kde K-mail 1.9.1
Kde K-mail 1.90
Kde K-mail 0.0.29.2
Kde K-mail 1.0.29
Kde K-mail 1.0.29.1
Kde K-mail 1.7.1
Kde K-mail 1.86.2.36
Kde K-mail 1.94
Kde K-mail 1.95
Kde K-mail 1.0.23
Kde K-mail 1.0.24
2.6
CVSSv2
CVE-2006-7139
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote malicious users to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete op...
Kde K-mail 1.9.1
1 EDB exploit
5
CVSSv2
CVE-2000-0481
Buffer overflow in KDE Kmail allows a remote malicious user to cause a denial of service via an attachment with a long file name.
Kde K-mail 1.0.26
Kde K-mail 1.0.23
Kde K-mail 1.0.24
Kde K-mail 1.0.25
Kde K-mail 1.0.27
Kde K-mail 1.0.29.1
Kde K-mail 1.0.29
Kde K-mail 1.0.28
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111
CVE-2024-32884
IDOR
CVE-2023-1000
CVE-2024-33260
CVE-2024-3682
reflected XSS
race condition
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »