Filtered by vendor Kde Subscriptions
Total 197 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-2312 3 Fedoraproject, Kde, Opensuse 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more 2024-11-21 N/A
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
CVE-2015-7543 2 Artsproject, Kde 2 Arts, Kdelibs 2024-11-21 N/A
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
CVE-2015-1308 1 Kde 2 Kde-workspace, Plasma-workspace 2024-11-21 N/A
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
CVE-2015-1307 1 Kde 1 Plasma-workspace 2024-11-21 N/A
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.
CVE-2014-8878 1 Kde 1 Kmail 2024-11-21 N/A
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2014-8651 1 Kde 2 Kde-workspace, Plasma-desktop 2024-11-21 N/A
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
CVE-2014-8600 3 Kde, Opensuse, Urs Wolfer 4 Kde-runtime, Kio-extras, Opensuse and 1 more 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
CVE-2014-5033 4 Canonical, Debian, Kde and 1 more 5 Ubuntu Linux, Kde4libs, Kauth and 2 more 2024-11-21 N/A
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
CVE-2014-3494 2 Kde, Opensuse 2 Kdelibs, Opensuse 2024-11-21 N/A
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
CVE-2013-7252 1 Kde 1 Kde Applications 2024-11-21 N/A
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
CVE-2013-4133 2 Debian, Kde 2 Debian Linux, Kde-workspace 2024-11-21 7.5 High
kde-workspace before 4.10.5 has a memory leak in plasma desktop
CVE-2013-4132 2 Kde, Opensuse 3 Kde-workspace, Kde Sc, Opensuse 2024-11-21 N/A
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
CVE-2013-2213 1 Kde 1 Paste Applet 2024-11-21 5.5 Medium
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
CVE-2013-2120 1 Kde 1 Paste Applet 2024-11-21 8.4 High
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
CVE-2013-2074 1 Kde 1 Kdelibs 2024-11-21 N/A
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
CVE-2012-4515 1 Kde 1 Kde 2024-11-21 N/A
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
CVE-2012-4514 1 Kde 1 Kde 2024-11-21 N/A
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
CVE-2012-4513 2 Kde, Redhat 2 Kde, Enterprise Linux 2024-11-21 N/A
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
CVE-2012-4512 2 Kde, Redhat 5 Kde, Enterprise Linux, Enterprise Linux Desktop and 2 more 2024-11-21 8.8 High
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
CVE-2012-3455 1 Kde 1 Koffice 2024-11-21 N/A
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.