Kmail Kde Kmail


By the Year

In 2024 there have been 0 vulnerabilities in Kde Kmail. Kmail did not have any published security vulnerabilities last year.

Year    Vulnerabilities    Average Score
2024    0                  0.00
2023    0                  0.00
2022    0                  0.00
2021    1                  5.30
2020    1                  6.50
2019    1                  4.30
2018    0                  0.00

It may take a day or so for new Kmail vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Kde Kmail Security Vulnerabilities

In KDE KMail 19.12.3 (aka 5.13.3)

CVE-2021-38373 5.3 - Medium - August 10, 2021

In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

Command Injection

An issue was discovered in KDE KMail before 19.12.3

CVE-2020-11880 6.5 - Medium - April 17, 2020

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email

CVE-2019-10732 4.3 - Medium - April 07, 2019

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.

Cleartext Transmission of Sensitive Information
