VulnerableCode Package Details - pkg:deb/debian/kf5-messagelib@4:16.04.3-3~deb9u1

Search for packages

Package details: pkg:deb/debian/kf5-messagelib@4:16.04.3-3~deb9u1

Essentials
History (5)

purl	pkg:deb/debian/kf5-messagelib@4:16.04.3-3~deb9u1

Next non-vulnerable version	4:20.08.3-5
Latest non-vulnerable version	4:20.08.3-5
Risk	3.1

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-1vy6-upn7-u3am Aliases: CVE-2021-31855	information disclosure	4:20.08.3-5 Affected by 0 other vulnerabilities.
VCID-1xef-ynkv-nya4 Aliases: CVE-2017-9604	kmail: Send Later with Delay bypasses OpenPGP	4:18.08.3-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mgs5-srnr-5ugm Aliases: CVE-2018-19516	messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.	4:18.08.3-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mnk9-71bg-ryht Aliases: CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.	4:18.08.3-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-q58s-xxr3-jydw Aliases: CVE-2019-10732	In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.	4:20.08.3-5 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:28:38.255862+00:00	Debian Oval Importer	Affected by	VCID-1xef-ynkv-nya4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:22:47.898021+00:00	Debian Oval Importer	Affected by	VCID-mgs5-srnr-5ugm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:37:44.607911+00:00	Debian Oval Importer	Affected by	VCID-mnk9-71bg-ryht	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:50:46.564925+00:00	Debian Oval Importer	Affected by	VCID-q58s-xxr3-jydw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:48:48.922425+00:00	Debian Oval Importer	Affected by	VCID-1vy6-upn7-u3am	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0