Filtered by vendor Kde
Subscriptions
Total
196 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-31855 | 1 Kde | 1 Messagelib | 2024-08-03 | 6.5 Medium |
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp. | ||||
CVE-2022-24986 | 1 Kde | 1 Kcron | 2024-08-03 | 7.8 High |
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands. | ||||
CVE-2022-23853 | 1 Kde | 2 Kate, Ktexteditor | 2024-08-03 | 7.8 High |
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. | ||||
CVE-2023-52723 | 1 Kde | 1 Libksieve | 2024-08-02 | 7.1 High |
In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. | ||||
CVE-2024-36041 | 1 Kde | 1 Plasma-workspace | 2024-08-02 | 7.8 High |
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. | ||||
CVE-1999-1269 | 1 Kde | 1 Kde Beta 3 | 2024-08-01 | N/A |
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. | ||||
CVE-1999-1268 | 1 Kde | 1 Kde | 2024-08-01 | N/A |
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | ||||
CVE-1999-1270 | 1 Kde | 1 Kde | 2024-08-01 | N/A |
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. | ||||
CVE-1999-1267 | 1 Kde | 1 Kde | 2024-08-01 | N/A |
KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. | ||||
CVE-1999-1107 | 1 Kde | 1 Kde | 2024-08-01 | N/A |
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. | ||||
CVE-1999-1096 | 1 Kde | 1 Kde | 2024-08-01 | N/A |
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. | ||||
CVE-1999-1106 | 1 Kde | 1 Kde | 2024-08-01 | N/A |
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. | ||||
CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2024-08-01 | N/A |
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | ||||
CVE-1999-0780 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2024-08-01 | N/A |
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. | ||||
CVE-1999-0735 | 1 Kde | 1 K-mail | 2024-08-01 | N/A |
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. | ||||
CVE-1999-0782 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2024-08-01 | N/A |
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |