ReportizFlow
Filtered by vendor Kde
Subscriptions
Total
197 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-19516 | 1 Kde | 1 Kde Applications | 2024-11-21 | 5.3 Medium |
| messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | ||||
| CVE-2018-19120 | 1 Kde | 1 Kde Applications | 2024-11-21 | N/A |
| The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | ||||
| CVE-2018-10380 | 3 Debian, Kde, Opensuse | 3 Debian Linux, Plasma, Leap | 2024-11-21 | N/A |
| kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | ||||
| CVE-2018-10361 | 1 Kde | 1 Ktexteditor | 2024-11-21 | N/A |
| An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation. | ||||
| CVE-2018-1000801 | 3 Debian, Kde, Redhat | 3 Debian Linux, Okular, Enterprise Linux | 2024-11-21 | N/A |
| okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | ||||
| CVE-2017-9604 | 1 Kde | 3 Kde, Kmail, Messagelib | 2024-11-21 | N/A |
| KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2017-8422 | 2 Kde, Redhat | 3 Kauth, Kdelibs, Enterprise Linux | 2024-11-21 | N/A |
| KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | ||||
| CVE-2017-6410 | 1 Kde | 2 Kdelibs, Kio | 2024-11-21 | N/A |
| kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. | ||||
| CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2024-11-21 | N/A |
| ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
| CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2024-11-21 | N/A |
| The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | ||||
| CVE-2015-7543 | 2 Artsproject, Kde | 2 Arts, Kdelibs | 2024-11-21 | N/A |
| aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | ||||
| CVE-2014-8878 | 1 Kde | 1 Kmail | 2024-11-21 | N/A |
| KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2013-4133 | 2 Debian, Kde | 2 Debian Linux, Kde-workspace | 2024-11-21 | 7.5 High |
| kde-workspace before 4.10.5 has a memory leak in plasma desktop | ||||
| CVE-2013-2213 | 1 Kde | 1 Paste Applet | 2024-11-21 | 5.5 Medium |
| The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. | ||||
| CVE-2013-2120 | 1 Kde | 1 Paste Applet | 2024-11-21 | 8.4 High |
| The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. | ||||
| CVE-2012-4512 | 2 Kde, Redhat | 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more | 2024-11-21 | 8.8 High |
| The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | ||||
| CVE-2024-50624 | 1 Kde | 1 Kmail | 2024-10-31 | 5.9 Medium |
| ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com or http://example.com/.well-known/autoconfig for retrieving the configuration. This is related to kmail-account-wizard. | ||||