Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9604 | 1 Kde | 3 Kde, Kmail, Messagelib | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2012-4514 | 1 Kde | 1 Kde | 2025-04-11 | 5.0 MEDIUM | N/A |
| rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | |||||
| CVE-2012-4513 | 1 Kde | 1 Kde | 2025-04-11 | 6.4 MEDIUM | N/A |
| khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | |||||
| CVE-2012-4515 | 1 Kde | 1 Kde | 2025-04-11 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | |||||
| CVE-2008-1671 | 1 Kde | 1 Kde | 2025-04-09 | 4.6 MEDIUM | N/A |
| start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. | |||||
| CVE-2007-4569 | 1 Kde | 1 Kde | 2025-04-09 | 6.8 MEDIUM | N/A |
| backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | |||||
| CVE-2006-7139 | 1 Kde | 2 K-mail, Kde | 2025-04-09 | 2.6 LOW | N/A |
| Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. | |||||
| CVE-2008-5698 | 1 Kde | 2 Kde, Konqueror | 2025-04-09 | 4.3 MEDIUM | N/A |
| HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-5963 | 1 Kde | 1 Kde | 2025-04-09 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. | |||||
| CVE-2008-1670 | 1 Kde | 1 Kde | 2025-04-09 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. | |||||
| CVE-2007-0104 | 2 Kde, Xpdf | 2 Kde, Xpdf | 2025-04-09 | 6.8 MEDIUM | N/A |
| The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
| CVE-2002-1152 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | |||||
| CVE-2003-0690 | 1 Kde | 1 Kde | 2025-04-03 | 10.0 HIGH | N/A |
| KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. | |||||
| CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 4.6 MEDIUM | N/A |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | |||||
| CVE-1999-1268 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | |||||
| CVE-2005-0237 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
| CVE-1999-1267 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
| KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. | |||||
| CVE-2002-1393 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses. | |||||
| CVE-1999-1106 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. | |||||