Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-07	CVE-2019-10732	Cleartext Transmission of Sensitive Information vulnerability in multiple products In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. network low complexity kde debian CWE-319	4.3
2018-09-06	CVE-2018-1000801	Path Traversal vulnerability in multiple products okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. local low complexity kde debian CWE-22	5.5
2018-05-16	CVE-2017-17689	The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. network high complexity microsoft horde google 9folders flipdogsolutions r2mail2 apple bloop freron kde gnome mozilla ibm emclient postbox-inc ritlabs	5.9
2018-02-07	CVE-2018-6791	OS Command Injection vulnerability in multiple products An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. low complexity kde debian CWE-78	6.8
2018-02-07	CVE-2018-6790	Information Exposure vulnerability in KDE Plasma-Workspace An issue was discovered in KDE Plasma Workspace before 5.12.0. network low complexity kde CWE-200	5.3
2017-09-28	CVE-2014-8878	Cryptographic Issues vulnerability in KDE Kmail 4.11.5 KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. network high complexity kde CWE-310	5.9
2017-03-02	CVE-2017-6410	Cleartext Transmission of Sensitive Information vulnerability in KDE Kdelibs kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. local low complexity kde CWE-319	5.5
2016-12-23	CVE-2016-7968	Code Injection vulnerability in KDE Kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. network low complexity kde CWE-94	6.5
2016-12-23	CVE-2016-7787	Code Injection vulnerability in multiple products A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. network low complexity kde opensuse CWE-94	4.9
2016-12-23	CVE-2016-2312	7PK - Security Features vulnerability in multiple products Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. low complexity kde fedoraproject opensuse CWE-254	6.8