Search CVE reports
1 – 9 of 9 results
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in...
2 affected packages
kf5-messagelib, messagelib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kf5-messagelib | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| messagelib | Needs evaluation | Not in release | Not in release | — | — |
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload...
2 affected packages
kdepim4, kf5-messagelib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kdepim4 | Not in release | Not in release | Not in release | Not in release | Vulnerable |
| kf5-messagelib | Not in release | Needs evaluation | Needs evaluation | Ignored | Ignored |
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
1 affected package
kf5-messagelib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kf5-messagelib | Not in release | Not affected | Vulnerable | Vulnerable | Vulnerable |
Some fixes available 3 of 13
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters....
3 affected packages
kdepim, kf5-messagelib, kmail
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | Not in release | Not in release | Not in release | Not in release |
| kf5-messagelib | — | Not affected | Not affected | Not affected | Fixed |
| kmail | — | Not affected | Not affected | Not affected | Not affected |
Some fixes available 22 of 34
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
5 affected packages
evolution, kdepim, kf5-messagelib, kmail, thunderbird
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| evolution | — | Not affected | Not affected | Not affected | Not affected |
| kdepim | — | Not in release | Not in release | — | — |
| kf5-messagelib | — | Not affected | Not affected | Not affected | Fixed |
| kmail | — | Not affected | Not affected | Not affected | Fixed |
| thunderbird | — | Fixed | Fixed | Fixed | Fixed |
Some fixes available 3 of 7
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to...
2 affected packages
kdepim, kf5-messagelib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | — | — | — | — |
| kf5-messagelib | — | — | — | — | — |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
2 affected packages
kdepim, kf5-messagelib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | — | — | — | — |
| kf5-messagelib | — | — | — | — | — |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
2 affected packages
kdepim, kf5-messagelib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kdepim | — | — | — | — | — |
| kf5-messagelib | — | — | — | — | — |
Some fixes available 5 of 6
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into...
4 affected packages
kcoreaddons, kdepim, kdepimlibs, kf5-messagelib
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| kcoreaddons | — | — | — | — | — |
| kdepim | — | — | — | — | — |
| kdepimlibs | — | — | — | — | — |
| kf5-messagelib | — | — | — | — | — |