VYPR

Kde

by KDE


CVEs (77)

  • CVE-2005-1920 | High | Jul 26, 2005
    risk 0.49 | cvss 7.5 | epss 0.04

    The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

  • CVE-2004-0689 | High | Sep 28, 2004
    risk 0.46 | cvss 7.1 | epss 0.00

    KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

  • CVE-2012-4515 | Nov 11, 2012
    risk 0.04 | cvss | epss 0.06

    Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.

  • CVE-2012-4514 | Nov 11, 2012
    risk 0.04 | cvss | epss 0.10

    rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."

  • CVE-2012-4513 | Nov 11, 2012
    risk 0.04 | cvss | epss 0.13

    khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.

  • CVE-2004-1491 | Dec 31, 2004
    risk 0.04 | cvss | epss 0.13

    Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

  • CVE-2002-1224 | Oct 28, 2002
    risk 0.04 | cvss | epss 0.09

    Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.

  • CVE-2005-0404 | May 2, 2005
    risk 0.03 | cvss | epss 0.03

    KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.

  • CVE-2002-0227 | May 16, 2002
    risk 0.03 | cvss | epss 0.03

    KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.

  • CVE-2001-0610 | Aug 2, 2001
    risk 0.03 | cvss | epss 0.01

    kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.

  • CVE-2000-0530 | May 31, 2000
    risk 0.03 | cvss | epss 0.01

    The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

  • CVE-2000-0460 | May 27, 2000
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable.

  • CVE-2000-0393 | May 16, 2000
    risk 0.03 | cvss | epss 0.01

    The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

  • CVE-2004-0888 | Jan 27, 2005
    risk 0.01 | cvss | epss 0.09

    Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by…

  • CVE-2004-1125 | Jan 10, 2005
    risk 0.01 | cvss | epss 0.07

    Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary…

  • CVE-2004-0803 | Dec 23, 2004
    risk 0.01 | cvss | epss 0.08

    Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

  • CVE-2011-2725 | Feb 4, 2014
    risk 0.00 | cvss | epss 0.03

    Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

  • CVE-2013-4132 | Sep 16, 2013
    risk 0.00 | cvss | epss 0.02

    KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted…

  • CVE-2011-3365 | Nov 29, 2011
    risk 0.00 | cvss | epss 0.01

    The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

  • CVE-2011-1586 | Apr 27, 2011
    risk 0.00 | cvss | epss 0.03

    Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a…
