Launchpad.net

CVE 2014-8878

KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.

See the CVE page on Mitre.org for more details.