Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:kde:kmail:5.3.0:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-11880 |
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value. Published: April 17, 2020; 2:15:11 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 6.4 MEDIUM |
CVE-2017-9604 |
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. Published: June 13, 2017; 9:29:00 AM -0400 |
V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2016-7968 |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. Published: December 23, 2016; 5:59:00 PM -0500 |
V3.0: 6.5 MEDIUM V2.0: 7.5 HIGH |
CVE-2016-7967 |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. Published: December 23, 2016; 5:59:00 PM -0500 |
V3.0: 8.1 HIGH V2.0: 5.8 MEDIUM |