cpe:2.3:a:kde:kmail:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Kde (d8ba08cf-7ec1-5504-a5b9-f8cfa50ca850) |
|---|---|
| Product | Kmail (db0b0a89-7629-5a47-8858-696ecc94069f) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/kde/kmail | purl2cpe | 2026-06-01 10:14:05.571427 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-50624 | vulnerable | 2026-06-03 14:57:25.265449 | Details available. ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. Published: 2024-10-27T00:00:00.000Z; Updated: 2025-05-31T08:03:29.146Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2020-11880 | vulnerable | 2026-06-03 14:41:32.301941 | Details available. An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value. Published: 2020-04-17T17:07:26.000Z; Updated: 2024-08-04T11:42:00.582Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2017-9604 | vulnerable | 2026-06-03 14:37:41.924576 | Details available. KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. Published: 2017-06-13T13:00:00.000Z; Updated: 2024-09-17T02:16:34.175Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7968 | vulnerable | 2026-06-03 14:36:08.741470 | Details available. KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. Published: 2016-12-23T22:00:00.000Z; Updated: 2024-08-06T02:13:21.867Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7967 | vulnerable | 2026-06-03 14:36:08.741119 | Details available. KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. Published: 2016-12-23T22:00:00.000Z; Updated: 2024-08-06T02:13:21.600Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2016-7966 | vulnerable | 2026-06-03 14:36:08.740624 | Details available. Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. Published: 2016-12-23T22:00:00.000Z; Updated: 2024-08-06T02:13:21.538Z | Imported from gcve-enriched-dumps CVE data |