Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9604 | 1 Kde | 3 Kde, Kmail, Messagelib | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.
|
|||||
| CVE-2012-4515 | 1 Kde | 1 Kde | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
|
|||||
| CVE-2012-4514 | 1 Kde | 1 Kde | 2025-04-11 | 5.0 MEDIUM | N/A |
|
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
|
|||||
| CVE-2012-4513 | 1 Kde | 1 Kde | 2025-04-11 | 6.4 MEDIUM | N/A |
|
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
|
|||||
| CVE-2007-4569 | 1 Kde | 1 Kde | 2025-04-09 | 6.8 MEDIUM | N/A |
|
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
|
|||||
| CVE-2007-0104 | 2 Kde, Xpdf | 2 Kde, Xpdf | 2025-04-09 | 6.8 MEDIUM | N/A |
|
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
|
|||||
| CVE-2007-5963 | 1 Kde | 1 Kde | 2025-04-09 | 4.7 MEDIUM | N/A |
|
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
|
|||||
| CVE-2006-7139 | 1 Kde | 2 K-mail, Kde | 2025-04-09 | 2.6 LOW | N/A |
|
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations.
|
|||||
| CVE-2008-1671 | 1 Kde | 1 Kde | 2025-04-09 | 4.6 MEDIUM | N/A |
|
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
|
|||||
| CVE-2008-1670 | 1 Kde | 1 Kde | 2025-04-09 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
|
|||||
| CVE-2008-5698 | 1 Kde | 2 Kde, Konqueror | 2025-04-09 | 4.3 MEDIUM | N/A |
|
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2005-0078 | 3 Debian, Kde, Redhat | 5 Debian Linux, Kde, Enterprise Linux and 2 more | 2025-04-03 | 4.6 MEDIUM | N/A |
|
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
|
|||||
| CVE-2002-1306 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
|
|||||
| CVE-2004-1125 | 3 Easy Software Products, Kde, Xpdf | 3 Cups, Kde, Xpdf | 2025-04-03 | 9.3 HIGH | N/A |
|
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
|
|||||
| CVE-1999-1270 | 1 Kde | 1 Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
|
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
|
|||||
| CVE-2004-0889 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
|
|||||
| CVE-2003-0204 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
|
|||||
| CVE-2002-1152 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
|
|||||
| CVE-2002-1281 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
|
|||||
| CVE-1999-1267 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
|
KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.
|
|||||
| CVE-2002-2333 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
|
|||||
| CVE-2002-1223 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
|
|||||
| CVE-1999-1096 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
|
|||||
| CVE-2005-1046 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
|
|||||
| CVE-2006-0019 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
|
|||||
| CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 2.1 LOW | N/A |
|
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
|
|||||
| CVE-2000-0393 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
|
|||||
| CVE-2004-0803 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
|
|||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
|
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
|
|||||
| CVE-1999-1107 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
|
|||||
| CVE-2002-1224 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
|
|||||
| CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
|
|||||
| CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 6 Safari, Kde, Konqueror Embedded and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
|
|||||
| CVE-2000-0530 | 2 Caldera, Kde | 2 Openlinux, Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
|
|||||
| CVE-2004-1491 | 4 Gentoo, Kde, Opera and 1 more | 4 Linux, Kde, Opera Browser and 1 more | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
|
|||||
| CVE-2005-0011 | 1 Kde | 1 Kde | 2025-04-03 | 10.0 HIGH | N/A |
|
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
|
|||||
| CVE-2002-1282 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
|
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.
|
|||||
| CVE-2005-0205 | 2 Bernd Wuebben, Kde | 2 Kppp, Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
|
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
|
|||||
| CVE-2005-0237 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
|
|||||
| CVE-2000-0460 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
|
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
|
|||||