Search CVE reports
1 – 2 of 2 results
Some fixes available 5 of 6
ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com...
3 affected packages
kmail, kmail-account-wizard, kdepim
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kmail | Not affected | Not affected | Not affected | Not affected |
| kmail-account-wizard | Fixed | Fixed | Fixed | Fixed |
| kdepim | Not in release | Not in release | — | — |
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
2 affected packages
kdepim-runtime, kmail-account-wizard
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdepim-runtime | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| kmail-account-wizard | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |