VYPR

Kde

by KDE

Source repositories

CVEs (77)

  • CVE-2005-0205May 2, 2005
    risk 0.00cvss epss 0.00

    KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by…

  • CVE-2005-0237May 2, 2005
    risk 0.00cvss epss 0.02

    The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which…

  • CVE-2005-0365May 2, 2005
    risk 0.00cvss epss 0.00

    The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2005-0011May 2, 2005
    risk 0.00cvss epss 0.05

    Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.

  • CVE-2005-0206Apr 27, 2005
    risk 0.00cvss epss 0.03

    The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

  • CVE-2005-0754Apr 22, 2005
    risk 0.00cvss epss 0.03

    Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

  • CVE-2004-0889Jan 27, 2005
    risk 0.00cvss epss 0.06

    Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

  • CVE-2004-0886Jan 27, 2005
    risk 0.00cvss epss 0.05

    Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

  • CVE-2004-1171Jan 10, 2005
    risk 0.00cvss epss 0.00

    KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could…

  • CVE-2004-0746Oct 20, 2004
    risk 0.00cvss epss 0.02

    Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

  • CVE-2004-0690Sep 28, 2004
    risk 0.00cvss epss 0.01

    The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.

  • CVE-2003-0988Feb 17, 2004
    risk 0.00cvss epss 0.06

    Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.

  • CVE-2003-0690Oct 6, 2003
    risk 0.00cvss epss 0.03

    KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

  • CVE-2003-0692Oct 6, 2003
    risk 0.00cvss epss 0.03

    KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

  • CVE-2003-0370Jun 16, 2003
    risk 0.00cvss epss 0.02

    Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

  • CVE-2003-0204May 5, 2003
    risk 0.00cvss epss 0.04

    KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.

  • CVE-2002-1393Jan 17, 2003
    risk 0.00cvss epss 0.04

    Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.

  • CVE-2002-2333Dec 31, 2002
    risk 0.00cvss epss 0.02

    Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

  • CVE-2002-1306Nov 29, 2002
    risk 0.00cvss epss 0.06

    Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.

  • CVE-2002-1281Nov 29, 2002
    risk 0.00cvss epss 0.05

    Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.