CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38372
https://notcve.org/view.php?id=CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. En KDE Trojita versión 0.7, unos atacantes de tipo man-in-the-middle pueden crear nuevas carpetas porque las respuestas no etiquetadas de un servidor IMAP son aceptadas antes de STARTTLS • https://bugs.kde.org/show_bug.cgi?id=432353 https://nostarttls.secvuln.info • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15047
https://notcve.org/view.php?id=CVE-2020-15047
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. El archivo MSA/SMTP.cpp en Trojita versiones anteriores a 0.8 ignora los errores de verificación de certificados, que permite a atacantes de tipo man-in-the-middle falsificar servidores SMTP • https://bugs.kde.org/show_bug.cgi?id=423453 https://gerrit.vesnicky.cesnet.cz/r/1035 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10734
https://notcve.org/view.php?id=CVE-2019-10734
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. En KDE Trojita 0.7, un atacante que posea correos electrónicos cifrados en S/MIME o PGP puede envolverlos como subpartes de un correo electrónico multiparte manipulado. • https://bugs.kde.org/show_bug.cgi?id=404697 • CWE-319: Cleartext Transmission of Sensitive Information •