KDE: All CVEs
223 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1152 | | | 0.00 | — | 0.02 | | Oct 11, 2002 | Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. |
| CVE-2002-1151 | | | 0.00 | — | 0.04 | | Oct 11, 2002 | The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains. |
| CVE-2002-0970 | | | 0.00 | — | 0.03 | | Sep 24, 2002 | The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. |
| CVE-2002-0819 | | | 0.00 | — | 0.00 | | Aug 12, 2002 | Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function. |
| CVE-2002-0342 | | | 0.00 | — | 0.02 | | Jun 25, 2002 | Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. |
| CVE-2001-1197 | | | 0.00 | — | 0.00 | | Dec 14, 2001 | klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. |
| CVE-2001-0178 | | | 0.00 | — | 0.00 | | Mar 26, 2001 | kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. |
| CVE-2000-0918 | | | 0.00 | — | 0.00 | | Dec 19, 2000 | Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. |
| CVE-2000-0374 | | | 0.00 | — | 0.04 | | Aug 22, 1999 | The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions. |
| CVE-1999-0731 | | | 0.00 | — | 0.00 | | Jun 23, 1999 | The KDE klock program allows local users to unlock a session using malformed input. |
| CVE-2000-0481 | | | 0.00 | — | 0.02 | | Jun 1, 1999 | Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. |
| CVE-2000-0373 | | | 0.00 | — | 0.00 | | Jun 1, 1999 | Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges. |
| CVE-2000-0371 | | | 0.00 | — | 0.00 | | Mar 1, 1999 | The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. |
| CVE-1999-1268 | | | 0.00 | — | 0.00 | | Jan 6, 1999 | Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. |
| CVE-1999-0780 | | | 0.00 | — | 0.00 | | Nov 18, 1998 | KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. |
| CVE-1999-1107 | | | 0.00 | — | 0.00 | | Nov 18, 1998 | Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. |
| CVE-1999-0781 | | | 0.00 | — | 0.00 | | Nov 18, 1998 | KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| CVE-1999-0782 | | | 0.00 | — | 0.00 | | Nov 18, 1998 | KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| CVE-1999-1270 | | | 0.00 | — | 0.00 | | Jul 11, 1998 | KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. |
| CVE-1999-1096 | | | 0.00 | — | 0.00 | | May 16, 1998 | Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. |
| CVE-1999-1106 | | | 0.00 | — | 0.01 | | Apr 29, 1998 | Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. |
| CVE-1999-1269 | | | 0.00 | — | 0.00 | | Feb 6, 1998 | Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. |
| CVE-1999-1267 | | | 0.00 | — | 0.01 | | May 5, 1997 | KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. |