ReportizFlow
Filtered by vendor Kde
Subscriptions
Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1152 | 2 Kde, Redhat | 2 Kde, Linux | 2025-04-03 | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | ||||
| CVE-2002-1306 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. | ||||
| CVE-2002-2333 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. | ||||
| CVE-2003-0204 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2025-04-03 | N/A |
| KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | ||||
| CVE-2003-0355 | 2 Apple, Kde | 2 Safari, Konqueror Embedded | 2025-04-03 | N/A |
| Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates. | ||||
| CVE-2003-0370 | 4 Apple, Kde, Redhat and 1 more | 7 Safari, Kde, Konqueror Embedded and 4 more | 2025-04-03 | N/A |
| Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | ||||
| CVE-2004-1158 | 3 Kde, Mandrakesoft, Redhat | 4 Konqueror, Mandrake Linux, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||||
| CVE-2003-0459 | 2 Kde, Redhat | 10 Konqueror, Konqueror Embedded, Analog Real-time Synthesizer and 7 more | 2025-04-03 | N/A |
| KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | ||||
| CVE-2000-0371 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. | ||||
| CVE-2003-0592 | 2 Kde, Redhat | 4 Konqueror, Konqueror Embedded, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | ||||
| CVE-2003-0690 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2025-04-03 | N/A |
| KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. | ||||
| CVE-2003-0692 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2025-04-03 | N/A |
| KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. | ||||
| CVE-2004-0867 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2025-04-03 | N/A |
| Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. | ||||
| CVE-2003-0988 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | ||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | N/A |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | ||||
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | N/A |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | ||||
| CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | N/A |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. | ||||
| CVE-2005-3626 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2025-04-03 | N/A |
| Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | ||||
| CVE-1999-1268 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | ||||
| CVE-2000-0481 | 1 Kde | 1 K-mail | 2025-04-03 | N/A |
| Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. | ||||