Kde
by KDE
Source repositories
CVEs (77)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-1168 | 0.00 | — | 0.03 | Apr 18, 2011 | Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. | |||
| CVE-2010-2575 | 0.00 | — | 0.05 | Aug 30, 2010 | Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute… | |||
| CVE-2010-1511 | 0.00 | — | 0.03 | May 17, 2010 | KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. | |||
| CVE-2010-1000 | 0.00 | — | 0.04 | May 17, 2010 | Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||
| CVE-2010-0436 | 0.00 | — | 0.00 | Apr 15, 2010 | Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related… | |||
| CVE-2010-0923 | 0.00 | — | 0.00 | Mar 3, 2010 | Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to… | |||
| CVE-2008-1670 | 0.00 | — | 0.05 | Apr 28, 2008 | Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. | |||
| CVE-2008-1671 | 0.00 | — | 0.01 | Apr 28, 2008 | start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other… | |||
| CVE-2007-5963 | 0.00 | — | 0.00 | Dec 19, 2007 | Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. | |||
| CVE-2007-4569 | 0.00 | — | 0.01 | Sep 21, 2007 | backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | |||
| CVE-2007-0104 | 0.00 | — | 0.06 | Jan 9, 2007 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code… | |||
| CVE-2006-2933 | 0.00 | — | 0.00 | Jul 27, 2006 | kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. | |||
| CVE-2006-2449 | 0.00 | — | 0.00 | Jun 15, 2006 | KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. | |||
| CVE-2006-0019 | 0.00 | — | 0.06 | Jan 20, 2006 | Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | |||
| CVE-2005-4784 | 0.00 | — | 0.00 | Dec 31, 2005 | Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the… | |||
| CVE-2005-2494 | 0.00 | — | 0.00 | Sep 6, 2005 | kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. | |||
| CVE-2005-2101 | 0.00 | — | 0.01 | Aug 17, 2005 | langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. | |||
| CVE-2005-1852 | 0.00 | — | 0.05 | Jul 26, 2005 | Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | |||
| CVE-2005-0078 | 0.00 | — | 0.00 | May 2, 2005 | The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | |||
| CVE-2005-0205 | 0.00 | — | 0.00 | May 2, 2005 | KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by… |
- CVE-2011-1168Apr 18, 2011risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
- CVE-2010-2575Aug 30, 2010risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute…
- CVE-2010-1511May 17, 2010risk 0.00cvss —epss 0.03
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
- CVE-2010-1000May 17, 2010risk 0.00cvss —epss 0.04
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
- CVE-2010-0436Apr 15, 2010risk 0.00cvss —epss 0.00
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related…
- CVE-2010-0923Mar 3, 2010risk 0.00cvss —epss 0.00
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to…
- CVE-2008-1670Apr 28, 2008risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
- CVE-2008-1671Apr 28, 2008risk 0.00cvss —epss 0.01
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other…
- CVE-2007-5963Dec 19, 2007risk 0.00cvss —epss 0.00
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
- CVE-2007-4569Sep 21, 2007risk 0.00cvss —epss 0.01
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
- CVE-2007-0104Jan 9, 2007risk 0.00cvss —epss 0.06
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code…
- CVE-2006-2933Jul 27, 2006risk 0.00cvss —epss 0.00
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
- CVE-2006-2449Jun 15, 2006risk 0.00cvss —epss 0.00
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
- CVE-2006-0019Jan 20, 2006risk 0.00cvss —epss 0.06
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
- CVE-2005-4784Dec 31, 2005risk 0.00cvss —epss 0.00
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the…
- CVE-2005-2494Sep 6, 2005risk 0.00cvss —epss 0.00
kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.
- CVE-2005-2101Aug 17, 2005risk 0.00cvss —epss 0.01
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
- CVE-2005-1852Jul 26, 2005risk 0.00cvss —epss 0.05
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
- CVE-2005-0078May 2, 2005risk 0.00cvss —epss 0.00
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
- CVE-2005-0205May 2, 2005risk 0.00cvss —epss 0.00
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by…
Page 2 of 4