Kde
by KDE
Source repositories
CVEs (77)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1247 | 0.00 | — | 0.01 | Nov 29, 2002 | Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon. | |||
| CVE-2002-1282 | 0.00 | — | 0.04 | Nov 29, 2002 | Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL. | |||
| CVE-2002-1223 | 0.00 | — | 0.03 | Oct 28, 2002 | Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | |||
| CVE-2002-1152 | 0.00 | — | 0.02 | Oct 11, 2002 | Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | |||
| CVE-2002-1151 | 0.00 | — | 0.04 | Oct 11, 2002 | The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains. | |||
| CVE-2002-0970 | 0.00 | — | 0.03 | Sep 24, 2002 | The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | |||
| CVE-2000-0371 | 0.00 | — | 0.00 | Mar 1, 1999 | The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. | |||
| CVE-1999-1268 | 0.00 | — | 0.00 | Jan 6, 1999 | Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | |||
| CVE-1999-1107 | 0.00 | — | 0.00 | Nov 18, 1998 | Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. | |||
| CVE-1999-0782 | 0.00 | — | 0.00 | Nov 18, 1998 | KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | |||
| CVE-1999-0780 | 0.00 | — | 0.00 | Nov 18, 1998 | KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||
| CVE-1999-0781 | 0.00 | — | 0.00 | Nov 18, 1998 | KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | |||
| CVE-1999-1270 | 0.00 | — | 0.00 | Jul 11, 1998 | KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. | |||
| CVE-1999-1096 | 0.00 | — | 0.00 | May 16, 1998 | Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. | |||
| CVE-1999-1106 | 0.00 | — | 0.01 | Apr 29, 1998 | Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. | |||
| CVE-1999-1269 | 0.00 | — | 0.00 | Feb 6, 1998 | Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. | |||
| CVE-1999-1267 | 0.00 | — | 0.01 | May 5, 1997 | KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. |
- CVE-2002-1247Nov 29, 2002risk 0.00cvss —epss 0.01
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
- CVE-2002-1282Nov 29, 2002risk 0.00cvss —epss 0.04
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.
- CVE-2002-1223Oct 28, 2002risk 0.00cvss —epss 0.03
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
- CVE-2002-1152Oct 11, 2002risk 0.00cvss —epss 0.02
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
- CVE-2002-1151Oct 11, 2002risk 0.00cvss —epss 0.04
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
- CVE-2002-0970Sep 24, 2002risk 0.00cvss —epss 0.03
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
- CVE-2000-0371Mar 1, 1999risk 0.00cvss —epss 0.00
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
- CVE-1999-1268Jan 6, 1999risk 0.00cvss —epss 0.00
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
- CVE-1999-1107Nov 18, 1998risk 0.00cvss —epss 0.00
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
- CVE-1999-0782Nov 18, 1998risk 0.00cvss —epss 0.00
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
- CVE-1999-0780Nov 18, 1998risk 0.00cvss —epss 0.00
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
- CVE-1999-0781Nov 18, 1998risk 0.00cvss —epss 0.00
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
- CVE-1999-1270Jul 11, 1998risk 0.00cvss —epss 0.00
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
- CVE-1999-1096May 16, 1998risk 0.00cvss —epss 0.00
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
- CVE-1999-1106Apr 29, 1998risk 0.00cvss —epss 0.01
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
- CVE-1999-1269Feb 6, 1998risk 0.00cvss —epss 0.00
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
- CVE-1999-1267May 5, 1997risk 0.00cvss —epss 0.01
KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.
Page 4 of 4