Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kde kmail - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-9604
KDE kmail prior to 5.5.2 and messagelib prior to 5.5.2, as distributed in KDE Applications prior to 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote malicious users to obtain sensitive information by ...
Kde Kmail
Kde Messagelib
6.5
CVSSv3
CVE-2021-31855
KDE Messagelib up to and including 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote...
Kde Messagelib
6.5
CVSSv3
CVE-2020-15954
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
Kde Kmail 19.12.3
Debian Debian Linux 9.0
6.5
CVSSv3
CVE-2020-11880
An issue exists in KDE KMail prior to 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demon...
Kde Kmail
2 Articles
5.9
CVSSv3
CVE-2017-17689
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Microsoft Outlook 2016
Microsoft Outlook 2007
Microsoft Outlook 2013
Microsoft Outlook 2010
Horde Horde Imp -
Google Gmail -
9folders Nine -
Flipdogsolutions Maildroid -
R2mail2 R2mail2 -
Apple Mail -
Bloop Airmail -
Freron Mailmate -
Kde Kmail -
Kde Trojita -
Gnome Evolution -
Mozilla Thunderbird -
Ibm Notes -
Emclient Emclient -
Postbox-inc Postbox -
Ritlabs The Bat -
1 Github repository
1 Article
5.9
CVSSv3
CVE-2014-8878
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote malicious users to obtain sensitive information by sniffing the network.
Kde Kmail 4.11.5
5.3
CVSSv3
CVE-2021-38373
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Kde Kmail 19.12.3
4.3
CVSSv3
CVE-2019-10732
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the...
Kde Kmail 5.2.3
Debian Debian Linux 8.0
NA
CVE-2023-52723
In KDE libksieve prior to 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value.
NA
CVE-2006-7139
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote malicious users to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete op...
Kde K-mail 1.9.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »