VYPR

Vendor CVEs

KDE

All CVEs

223 total · sorted by risk
  • CVE-2009-2896Aug 20, 2009
    risk 0.03cvss epss 0.06

    Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.

  • CVE-2008-5712Dec 24, 2008
    risk 0.03cvss epss 0.04

    The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector…

  • CVE-2008-5698Dec 22, 2008
    risk 0.03cvss epss 0.03

    HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party…

  • CVE-2007-6000Nov 15, 2007
    risk 0.03cvss epss 0.03

    KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.

  • CVE-2007-4941Sep 18, 2007
    risk 0.03cvss epss 0.03

    KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values.

  • CVE-2007-4229Aug 8, 2007
    risk 0.03cvss epss 0.02

    Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. …

  • CVE-2007-1564Mar 21, 2007
    risk 0.03cvss epss 0.04

    The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

  • CVE-2006-7139Mar 7, 2007
    risk 0.03cvss epss 0.03

    Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.

  • CVE-2006-6660Dec 20, 2006
    risk 0.03cvss epss 0.02

    The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.

  • CVE-2005-0404May 2, 2005
    risk 0.03cvss epss 0.03

    KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.

  • CVE-2004-1165Jan 10, 2005
    risk 0.03cvss epss 0.04

    Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

  • CVE-2004-0527Aug 6, 2004
    risk 0.03cvss epss 0.06

    KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing"…

  • CVE-2003-1478Dec 31, 2003
    risk 0.03cvss epss 0.04

    Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.

  • CVE-2002-0227May 16, 2002
    risk 0.03cvss epss 0.03

    KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.

  • CVE-2001-0782Oct 18, 2001
    risk 0.03cvss epss 0.01

    KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.

  • CVE-2001-0610Aug 2, 2001
    risk 0.03cvss epss 0.01

    kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.

  • CVE-2000-0530May 31, 2000
    risk 0.03cvss epss 0.01

    The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

  • CVE-2000-0460May 27, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.

  • CVE-2000-0393May 16, 2000
    risk 0.03cvss epss 0.01

    The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

  • CVE-1999-0735Jan 4, 2000
    risk 0.03cvss epss 0.01

    KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

  • CVE-2020-24972Aug 29, 2020
    risk 0.02cvss epss 0.05

    The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an…

  • CVE-2005-2971Oct 20, 2005
    risk 0.01cvss epss 0.06

    Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.

  • CVE-2004-0888Jan 27, 2005
    risk 0.01cvss epss 0.09

    Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by…

  • CVE-2004-1125Jan 10, 2005
    risk 0.01cvss epss 0.07

    Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary…

  • CVE-2004-0867Dec 23, 2004
    risk 0.01cvss epss 0.17

    Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is…

  • CVE-2004-0803Dec 23, 2004
    risk 0.01cvss epss 0.08

    Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

  • CVE-2004-0866Sep 16, 2004
    risk 0.01cvss epss 0.10

    Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

  • CVE-2004-0411Jul 7, 2004
    risk 0.01cvss epss 0.08

    The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs,…

  • CVE-2024-36041Jul 5, 2024
    risk 0.00cvss epss 0.00

    KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager,…

  • CVE-2024-1433Feb 11, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of…

  • CVE-2022-28223Mar 30, 2022
    risk 0.00cvss epss 0.01

    Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.

  • CVE-2022-24986Feb 26, 2022
    risk 0.00cvss epss 0.00

    KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.

  • CVE-2022-23853Feb 11, 2022
    risk 0.00cvss epss 0.01

    The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the…

  • CVE-2021-38373Aug 10, 2021
    risk 0.00cvss epss 0.01

    In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.

  • CVE-2021-36083Jul 1, 2021
    risk 0.00cvss epss 0.01

    KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.

  • CVE-2021-31855Jun 2, 2021
    risk 0.00cvss epss 0.01

    KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server.…

  • CVE-2021-33204May 19, 2021
    risk 0.00cvss epss 0.02

    In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.

  • CVE-2020-27187Oct 26, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other…

  • CVE-2020-26164Oct 7, 2020
    risk 0.00cvss epss 0.01

    In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

  • CVE-2020-24654Sep 2, 2020
    risk 0.00cvss epss 0.01

    In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.

  • CVE-2020-16116Aug 3, 2020
    risk 0.00cvss epss 0.02

    In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.

  • CVE-2020-15954Jul 27, 2020
    risk 0.00cvss epss 0.01

    KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.

  • CVE-2020-12755May 9, 2020
    risk 0.00cvss epss 0.00

    fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.

  • CVE-2020-11880Apr 17, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as…

  • CVE-2020-9359Mar 24, 2020
    risk 0.00cvss epss 0.01

    KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.

  • CVE-2018-19516Mar 12, 2020
    risk 0.00cvss epss 0.01

    messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.

  • CVE-2013-2213Feb 11, 2020
    risk 0.00cvss epss 0.00

    The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator…

  • CVE-2013-2120Feb 11, 2020
    risk 0.00cvss epss 0.01

    The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.

  • CVE-2013-4133Dec 10, 2019
    risk 0.00cvss epss 0.03

    kde-workspace before 4.10.5 has a memory leak in plasma desktop

  • CVE-2019-14744Aug 7, 2019
    risk 0.00cvss epss 0.04

    In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon…

Page 2 of 5