by KDE
CVEs (65)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-1920 | Hig | 0.49 | 7.5 | 0.03 | Jul 26, 2005 | The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | |
| CVE-2004-0689 | Hig | 0.46 | 7.1 | 0.00 | Sep 28, 2004 | KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | |
| CVE-2004-1491 | 0.05 | — | 0.26 | Dec 31, 2004 | Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. | ||
| CVE-2012-4515 | 0.04 | — | 0.10 | Nov 11, 2012 | Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | ||
| CVE-2012-4513 | 0.04 | — | 0.15 | Nov 11, 2012 | khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | ||
| CVE-2002-1224 | 0.04 | — | 0.12 | Oct 28, 2002 | Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | ||
| CVE-2012-4514 | 0.03 | — | 0.05 | Nov 11, 2012 | rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | ||
| CVE-2005-0404 | 0.03 | — | 0.05 | May 2, 2005 | KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. | ||
| CVE-2002-0227 | 0.03 | — | 0.06 | May 16, 2002 | KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. | ||
| CVE-2001-0610 | 0.03 | — | 0.00 | Aug 2, 2001 | kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp. | ||
| CVE-2000-0530 | 0.03 | — | 0.00 | May 31, 2000 | The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. | ||
| CVE-2000-0460 | 0.03 | — | 0.01 | May 27, 2000 | Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable. | ||
| CVE-2000-0393 | 0.03 | — | 0.01 | May 16, 2000 | The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. | ||
| CVE-2007-0104 | 0.02 | — | 0.19 | Jan 9, 2007 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||
| CVE-2006-0019 | 0.01 | — | 0.06 | Jan 20, 2006 | Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | ||
| CVE-2005-1046 | 0.01 | — | 0.07 | May 2, 2005 | Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | ||
| CVE-2005-0206 | 0.01 | — | 0.07 | Apr 27, 2005 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | ||
| CVE-2004-0886 | 0.01 | — | 0.11 | Jan 27, 2005 | Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | ||
| CVE-2004-1125 | 0.01 | — | 0.07 | Jan 10, 2005 | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | ||
| CVE-2004-0803 | 0.01 | — | 0.18 | Dec 23, 2004 | Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. |