Filtered by vendor Kde
Subscribe
Total
195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0205 | 2 Bernd Wuebben, Kde | 2 Kppp, Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
|
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
|
|||||
| CVE-2005-0237 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
|
|||||
| CVE-2000-0460 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
|
|||||
| CVE-2004-0690 | 1 Kde | 1 Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
|
|||||
| CVE-2004-0689 | 2 Debian, Kde | 2 Debian Linux, Kde | 2025-04-03 | 4.6 MEDIUM | 7.1 HIGH |
|
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
|
|||||
| CVE-2000-0371 | 1 Kde | 1 Kde | 2025-04-03 | 1.2 LOW | N/A |
|
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
|
|||||
| CVE-2005-2097 | 2 Kde, Xpdf | 2 Kpdf, Xpdf | 2025-04-03 | 2.1 LOW | N/A |
|
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
|
|||||
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
|
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
|
|||||
| CVE-1999-1268 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
|
|||||
| CVE-2005-0365 | 1 Kde | 1 Kde | 2025-04-03 | 2.1 LOW | N/A |
|
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
|
|||||
| CVE-2002-1393 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
|
|||||
| CVE-2005-2494 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.
|
|||||
| CVE-2003-0988 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
|
|||||
| CVE-2004-1165 | 1 Kde | 2 Kdelibs, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
|
|||||
| CVE-2005-1920 | 2 Debian, Kde | 2 Debian Linux, Kde | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
|
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
|
|||||
| CVE-2004-0527 | 1 Kde | 1 Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
|
|||||
| CVE-2005-1852 | 4 Centericq, Ekg, Kadu and 1 more | 4 Centericq, Ekg, Kadu and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
|
|||||
| CVE-2003-0692 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
|
|||||
| CVE-2001-1197 | 1 Kde | 1 Kdeutils | 2025-04-03 | 4.6 MEDIUM | N/A |
|
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
|
|||||
| CVE-2003-0690 | 1 Kde | 1 Kde | 2025-04-03 | 10.0 HIGH | N/A |
|
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
|
|||||
| CVE-2004-0746 | 4 Gentoo, Kde, Mandrakesoft and 1 more | 5 Linux, Kde, Konqueror and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
|
|||||
| CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
|
|||||
| CVE-2005-2101 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
|
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
|
|||||
| CVE-2004-1171 | 3 Kde, Mandrakesoft, Redhat | 3 Kde, Mandrake Linux, Fedora Core | 2025-04-03 | 2.1 LOW | N/A |
|
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
|
|||||
| CVE-2002-1151 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
|
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
|
|||||
| CVE-2005-2971 | 1 Kde | 1 Koffice | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
|
|||||
| CVE-2002-1247 | 2 Kde, Lisa | 3 Kde, Klisa, Lisa | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
|
|||||
| CVE-1999-1269 | 1 Kde | 1 Kde Beta 3 | 2025-04-03 | 2.1 LOW | N/A |
|
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
|
|||||
| CVE-2004-0721 | 1 Kde | 1 Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
|
|||||
| CVE-1999-1106 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
|
|||||
| CVE-2001-0610 | 2 Kde, Suse | 2 Kde, Suse Linux | 2025-04-03 | 4.6 MEDIUM | N/A |
|
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
|
|||||
| CVE-2002-0970 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
|
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
|
|||||
| CVE-2005-3626 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
|
|||||
| CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
|
|||||
| CVE-2005-0404 | 2 Kde, Kmail | 2 Kde, Kmail | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
|
|||||
| CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
|
|||||
| CVE-2006-3742 | 1 Kde | 1 Kdebase | 2025-04-03 | 10.0 HIGH | N/A |
|
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.
|
|||||
| CVE-2006-2449 | 1 Kde | 1 Kde | 2025-04-03 | 4.0 MEDIUM | N/A |
|
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
|
|||||
| CVE-2000-0373 | 1 Kde | 1 Kvt | 2025-04-03 | 7.2 HIGH | N/A |
|
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
|
|||||
| CVE-2006-2933 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Enterprise Linux Desktop | 2025-04-03 | 4.6 MEDIUM | N/A |
|
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
|
|||||