KDE

All CVEs

223 total · sorted by risk
  • CVE-2002-1152 · Oct 11, 2002
    risk 0.00 · cvss · epss 0.02

    Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

  • CVE-2002-1151 · Oct 11, 2002
    risk 0.00 · cvss · epss 0.04

    The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

  • CVE-2002-0970 · Sep 24, 2002
    risk 0.00 · cvss · epss 0.03

    The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

  • CVE-2002-0819 · Aug 12, 2002
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function.

  • CVE-2002-0342 · Jun 25, 2002
    risk 0.00 · cvss · epss 0.02

    Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.

  • CVE-2001-1197 · Dec 14, 2001
    risk 0.00 · cvss · epss 0.00

    klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.

  • CVE-2001-0178 · Mar 26, 2001
    risk 0.00 · cvss · epss 0.00

    kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

  • CVE-2000-0918 · Dec 19, 2000
    risk 0.00 · cvss · epss 0.00

    Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.

  • CVE-2000-0374 · Aug 22, 1999
    risk 0.00 · cvss · epss 0.04

    The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

  • CVE-1999-0731 · Jun 23, 1999
    risk 0.00 · cvss · epss 0.00

    The KDE klock program allows local users to unlock a session using malformed input.

  • CVE-2000-0481 · Jun 1, 1999
    risk 0.00 · cvss · epss 0.02

    Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.

  • CVE-2000-0373 · Jun 1, 1999
    risk 0.00 · cvss · epss 0.00

    Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

  • CVE-2000-0371 · Mar 1, 1999
    risk 0.00 · cvss · epss 0.00

    The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

  • CVE-1999-1268 · Jan 6, 1999
    risk 0.00 · cvss · epss 0.00

    Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.

  • CVE-1999-0780 · Nov 18, 1998
    risk 0.00 · cvss · epss 0.00

    KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

  • CVE-1999-1107 · Nov 18, 1998
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.

  • CVE-1999-0781 · Nov 18, 1998
    risk 0.00 · cvss · epss 0.00

    KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

  • CVE-1999-0782 · Nov 18, 1998
    risk 0.00 · cvss · epss 0.00

    KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

  • CVE-1999-1270 · Jul 11, 1998
    risk 0.00 · cvss · epss 0.00

    KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.

  • CVE-1999-1096 · May 16, 1998
    risk 0.00 · cvss · epss 0.00

    Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.

  • CVE-1999-1106 · Apr 29, 1998
    risk 0.00 · cvss · epss 0.01

    Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.

  • CVE-1999-1269 · Feb 6, 1998
    risk 0.00 · cvss · epss 0.00

    Screen savers in KDE beta 3 allow local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.

  • CVE-1999-1267 · May 5, 1997
    risk 0.00 · cvss · epss 0.01

    KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.

Page 5 of 5