In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before...
3.7CVSS
4.4AI Score
0.001EPSS
MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP...
5.9CVSS
5.4AI Score
0.001EPSS
In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the...
4.3CVSS
4.5AI Score
0.001EPSS
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka...
5.9CVSS
5.6AI Score
0.005EPSS
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS...
6.5AI Score
0.001EPSS