Search for packages
| purl | pkg:deb/ubuntu/kdepim@4:4.2.2-1ubuntu3 |
| Next non-vulnerable version | 4:15.12.3-0ubuntu1.1 |
| Latest non-vulnerable version | 4:15.12.3-0ubuntu1.1 |
| Risk | 3.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7aeh-1hxs-aaas
Aliases: CVE-2016-7968 |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. |
Affected by 2 other vulnerabilities. |
|
VCID-h9q5-q65x-aaaj
Aliases: CVE-2017-9604 |
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-tt9w-3f6n-aaab
Aliases: CVE-2014-8878 |
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. |
Affected by 1 other vulnerability. |
|
VCID-yc91-m9z9-aaag
Aliases: CVE-2016-7967 |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|