Search CVE reports
1 – 6 of 6 results
Some fixes available 5 of 6
ispdbservice.cpp in KDE KMail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com...
3 affected packages
kmail, kmail-account-wizard, kdepim
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kmail | Not affected | Not affected | Not affected | Not affected |
kmail-account-wizard | Fixed | Fixed | Fixed | Fixed |
kdepim | Not in release | Not in release | — | — |
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
3 affected packages
kmail, ksmtp, kmailtransport
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kmail | Not affected | Not affected | Not affected | Not affected |
ksmtp | Not affected | Not affected | Ignored | Ignored |
kmailtransport | Not affected | Not affected | Ignored | Ignored |
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
2 affected packages
kdepim-runtime, kmail-account-wizard
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kdepim-runtime | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
kmail-account-wizard | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 4 of 12
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message...
2 affected packages
kdepim, kmail
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kdepim | Not in release | Not in release | Not in release | Not in release |
kmail | Not affected | Not affected | Fixed | Fixed |
Some fixes available 3 of 13
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters....
3 affected packages
kmail, kdepim, kf5-messagelib
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kmail | Not affected | Not affected | Not affected | Not affected |
kdepim | Not in release | Not in release | Not in release | Not in release |
kf5-messagelib | Not affected | Not affected | Not affected | Fixed |
Some fixes available 22 of 34
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
5 affected packages
kmail, thunderbird, evolution, kf5-messagelib, kdepim
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
---|---|---|---|---|
kmail | Not affected | Not affected | Not affected | Fixed |
thunderbird | Fixed | Fixed | Fixed | Fixed |
evolution | Not affected | Not affected | Not affected | Not affected |
kf5-messagelib | Not affected | Not affected | Not affected | Fixed |
kdepim | Not in release | Not in release | — | — |