Search for packages
| purl | pkg:deb/debian/kf5-messagelib@4:18.08.3-2 |
| Next non-vulnerable version | 4:20.08.3-5 |
| Latest non-vulnerable version | 4:20.08.3-5 |
| Risk | 3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2abg-xpq1-aaap
Aliases: CVE-2019-10732 |
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. |
Affected by 0 other vulnerabilities. |
|
VCID-87u9-xmz5-aaac
Aliases: CVE-2021-31855 |
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8cux-xcv6-aaag | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. |
CVE-2017-17689
|
| VCID-b8uf-x4ym-aaaq | messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. |
CVE-2018-19516
|
| VCID-h9q5-q65x-aaaj | KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. |
CVE-2017-9604
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-22T06:58:49.547187+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-22T01:45:04.965563+00:00 | Debian Importer | Fixing | VCID-8cux-xcv6-aaag | None | 36.1.3 |
| 2025-06-22T01:19:35.212519+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T22:00:26.783227+00:00 | Debian Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 36.1.3 |
| 2025-06-21T17:00:49.841018+00:00 | Debian Oval Importer | Fixing | VCID-8cux-xcv6-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T14:03:56.408626+00:00 | Debian Oval Importer | Fixing | VCID-h9q5-q65x-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:41:35.602970+00:00 | Debian Oval Importer | Fixing | VCID-b8uf-x4ym-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T03:25:26.939802+00:00 | Debian Oval Importer | Affected by | VCID-87u9-xmz5-aaac | None | 36.1.3 |
| 2025-06-21T02:41:58.326287+00:00 | Debian Oval Importer | Affected by | VCID-2abg-xpq1-aaap | None | 36.1.3 |
| 2025-06-21T01:51:21.759934+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | None | 36.1.3 |
| 2025-06-21T01:27:13.096637+00:00 | Debian Oval Importer | Fixing | VCID-8cux-xcv6-aaag | None | 36.1.3 |
| 2025-06-21T00:27:16.991318+00:00 | Debian Oval Importer | Fixing | VCID-h9q5-q65x-aaaj | None | 36.1.3 |
| 2025-06-21T00:03:48.588672+00:00 | Debian Oval Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 36.1.3 |
| 2025-06-20T19:50:08.133354+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | None | 36.1.3 |
| 2025-06-08T12:05:55.935092+00:00 | Debian Oval Importer | Affected by | VCID-2abg-xpq1-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:04:36.744228+00:00 | Debian Oval Importer | Affected by | VCID-87u9-xmz5-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:45:53.087276+00:00 | Debian Oval Importer | Fixing | VCID-8cux-xcv6-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:57:50.365815+00:00 | Debian Oval Importer | Fixing | VCID-h9q5-q65x-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:37:29.269471+00:00 | Debian Oval Importer | Fixing | VCID-b8uf-x4ym-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T20:58:45.868631+00:00 | Debian Oval Importer | Affected by | VCID-87u9-xmz5-aaac | None | 36.1.0 |
| 2025-06-07T20:07:17.711570+00:00 | Debian Oval Importer | Affected by | VCID-2abg-xpq1-aaap | None | 36.1.0 |
| 2025-06-07T18:50:04.540090+00:00 | Debian Oval Importer | Fixing | VCID-8cux-xcv6-aaag | None | 36.1.0 |
| 2025-06-07T17:50:00.049198+00:00 | Debian Oval Importer | Fixing | VCID-h9q5-q65x-aaaj | None | 36.1.0 |
| 2025-06-07T17:26:36.478211+00:00 | Debian Oval Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 36.1.0 |
| 2025-06-05T13:57:06.792361+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | None | 36.1.0 |
| 2025-04-12T22:04:27.389818+00:00 | Debian Oval Importer | Fixing | VCID-h9q5-q65x-aaaj | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:15:16.661852+00:00 | Debian Oval Importer | Fixing | VCID-b8uf-x4ym-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:41:49.563898+00:00 | Debian Oval Importer | Fixing | VCID-8cux-xcv6-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:51:24.544803+00:00 | Debian Oval Importer | Affected by | VCID-2abg-xpq1-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:50:02.232259+00:00 | Debian Oval Importer | Affected by | VCID-87u9-xmz5-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T08:18:11.553776+00:00 | Debian Oval Importer | Fixing | VCID-8cux-xcv6-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:30:24.301398+00:00 | Debian Oval Importer | Fixing | VCID-h9q5-q65x-aaaj | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:09:03.072220+00:00 | Debian Oval Importer | Fixing | VCID-b8uf-x4ym-aaaq | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T19:29:11.909880+00:00 | Debian Oval Importer | Affected by | VCID-87u9-xmz5-aaac | None | 36.0.0 |
| 2025-04-07T18:44:17.029251+00:00 | Debian Oval Importer | Affected by | VCID-2abg-xpq1-aaap | None | 36.0.0 |
| 2025-04-07T17:27:53.258662+00:00 | Debian Oval Importer | Fixing | VCID-8cux-xcv6-aaag | None | 36.0.0 |
| 2025-04-07T16:26:35.301693+00:00 | Debian Oval Importer | Fixing | VCID-h9q5-q65x-aaaj | None | 36.0.0 |
| 2025-04-07T16:00:58.508404+00:00 | Debian Oval Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 36.0.0 |
| 2025-04-06T00:38:10.048358+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T20:28:59.755340+00:00 | Debian Importer | Fixing | VCID-8cux-xcv6-aaag | None | 36.0.0 |
| 2025-04-05T20:10:52.099067+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T18:01:13.329448+00:00 | Debian Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 36.0.0 |
| 2025-04-04T04:36:35.581943+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | None | 36.0.0 |
| 2025-04-03T22:55:57.217856+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | None | 36.0.0 |
| 2025-02-20T01:23:41.107062+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-20T01:23:35.088891+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | None | 35.1.0 |
| 2025-02-19T04:57:29.838124+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T04:57:24.499136+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | None | 35.1.0 |
| 2025-02-19T02:44:26.881199+00:00 | Debian Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 35.1.0 |
| 2025-02-18T21:18:57.308176+00:00 | Debian Importer | Fixing | VCID-8cux-xcv6-aaag | None | 35.1.0 |
| 2024-04-25T01:01:25.317865+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-25T01:01:17.920778+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | None | 34.0.0rc4 |
| 2024-04-24T13:50:22.646453+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T13:50:16.356937+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | None | 34.0.0rc4 |
| 2024-04-24T12:57:44.627776+00:00 | Debian Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 34.0.0rc4 |
| 2024-04-24T11:12:43.637525+00:00 | Debian Importer | Fixing | VCID-8cux-xcv6-aaag | None | 34.0.0rc4 |
| 2024-01-11T02:04:14.666652+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-11T02:04:04.849930+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | None | 34.0.0rc2 |
| 2024-01-10T16:34:55.719822+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T16:34:08.479683+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | None | 34.0.0rc2 |
| 2024-01-10T13:06:55.475707+00:00 | Debian Importer | Fixing | VCID-8cux-xcv6-aaag | None | 34.0.0rc2 |
| 2024-01-04T14:26:37.978483+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T14:26:28.927460+00:00 | Debian Importer | Affected by | VCID-87u9-xmz5-aaac | None | 34.0.0rc1 |
| 2024-01-04T06:20:28.443329+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T06:20:07.488735+00:00 | Debian Importer | Affected by | VCID-2abg-xpq1-aaap | None | 34.0.0rc1 |
| 2024-01-04T05:40:23.518959+00:00 | Debian Importer | Fixing | VCID-b8uf-x4ym-aaaq | None | 34.0.0rc1 |
| 2024-01-04T04:33:28.757770+00:00 | Debian Importer | Fixing | VCID-8cux-xcv6-aaag | None | 34.0.0rc1 |