Filtered by vendor Kde
Subscriptions
Total
196 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-8600 | 3 Kde, Opensuse, Urs Wolfer | 4 Kde-runtime, Kio-extras, Opensuse and 1 more | 2024-08-06 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. | ||||
CVE-2014-5033 | 4 Canonical, Debian, Kde and 1 more | 5 Ubuntu Linux, Kde4libs, Kauth and 2 more | 2024-08-06 | N/A |
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." | ||||
CVE-2014-3494 | 2 Kde, Opensuse | 2 Kdelibs, Opensuse | 2024-08-06 | N/A |
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate. | ||||
CVE-2015-7543 | 2 Artsproject, Kde | 2 Arts, Kdelibs | 2024-08-06 | N/A |
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | ||||
CVE-2015-1308 | 1 Kde | 2 Kde-workspace, Plasma-workspace | 2024-08-06 | N/A |
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. | ||||
CVE-2015-1307 | 1 Kde | 1 Plasma-workspace | 2024-08-06 | N/A |
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | ||||
CVE-2016-7968 | 1 Kde | 1 Kmail | 2024-08-06 | N/A |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed. | ||||
CVE-2016-7967 | 1 Kde | 1 Kmail | 2024-08-06 | N/A |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled. | ||||
CVE-2016-7966 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Kmail and 1 more | 2024-08-06 | N/A |
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. | ||||
CVE-2016-7787 | 2 Kde, Opensuse | 3 Kde-cli-tools, Leap, Opensuse | 2024-08-06 | N/A |
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. | ||||
CVE-2016-6232 | 2 Canonical, Kde | 2 Ubuntu Linux, Karchives | 2024-08-06 | N/A |
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | ||||
CVE-2016-3100 | 2 Kde, Opensuse | 3 Kde Frameworks, Leap, Opensuse | 2024-08-05 | N/A |
kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file. | ||||
CVE-2016-2312 | 3 Fedoraproject, Kde, Opensuse | 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more | 2024-08-05 | N/A |
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again. | ||||
CVE-2017-17689 | 16 9folders, Apple, Bloop and 13 more | 17 Nine, Mail, Airmail and 14 more | 2024-08-05 | N/A |
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | ||||
CVE-2017-8422 | 2 Kde, Redhat | 3 Kauth, Kdelibs, Enterprise Linux | 2024-08-05 | N/A |
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | ||||
CVE-2017-6410 | 1 Kde | 2 Kdelibs, Kio | 2024-08-05 | N/A |
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. | ||||
CVE-2017-5330 | 2 Fedoraproject, Kde | 2 Fedora, Ark | 2024-08-05 | N/A |
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | ||||
CVE-2018-1000801 | 3 Debian, Kde, Redhat | 3 Debian Linux, Okular, Enterprise Linux | 2024-08-05 | N/A |
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1 | ||||
CVE-2018-19516 | 1 Kde | 1 Kde Applications | 2024-08-05 | 5.3 Medium |
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | ||||
CVE-2018-19120 | 1 Kde | 1 Kde Applications | 2024-08-05 | N/A |
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. |