Filtered by vendor Kde
Subscriptions
Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2725 | 3 Canonical, Kde, Opensuse | 4 Ubuntu Linux, Ark, Kde Sc and 1 more | 2025-04-11 | N/A |
| Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. | ||||
| CVE-2010-1511 | 1 Kde | 2 Kde Sc, Kget | 2025-04-11 | N/A |
| KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. | ||||
| CVE-2012-4513 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2025-04-11 | N/A |
| khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | ||||
| CVE-2012-4515 | 1 Kde | 1 Kde | 2025-04-11 | N/A |
| Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | ||||
| CVE-2011-5054 | 1 Kde | 1 Kcheckpass | 2025-04-11 | N/A |
| kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | ||||
| CVE-2011-3365 | 2 Kde, Redhat | 2 Kde Sc, Enterprise Linux | 2025-04-11 | N/A |
| The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | ||||
| CVE-2011-1168 | 2 Kde, Redhat | 2 Kde Sc, Enterprise Linux | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. | ||||
| CVE-2010-2575 | 1 Kde | 1 Kde Sc | 2025-04-11 | N/A |
| Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file. | ||||
| CVE-2010-0923 | 1 Kde | 1 Kde Sc | 2025-04-11 | N/A |
| Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes. | ||||
| CVE-2010-0436 | 2 Kde, Redhat | 2 Kde Sc, Enterprise Linux | 2025-04-11 | N/A |
| Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | ||||
| CVE-2013-4132 | 2 Kde, Opensuse | 3 Kde-workspace, Kde Sc, Opensuse | 2025-04-11 | N/A |
| KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. | ||||
| CVE-2011-1586 | 2 Kde, Redhat | 2 Kde Sc, Enterprise Linux | 2025-04-11 | N/A |
| Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. | ||||
| CVE-2012-3413 | 1 Kde | 1 Kde Pim | 2025-04-11 | N/A |
| The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | ||||
| CVE-2012-3455 | 1 Kde | 1 Koffice | 2025-04-11 | N/A |
| Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. | ||||
| CVE-2007-1308 | 2 Kde, Redhat | 2 Konqueror, Enterprise Linux | 2025-04-09 | N/A |
| ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. | ||||
| CVE-2007-4569 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2025-04-09 | N/A |
| backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | ||||
| CVE-2007-3820 | 2 Kde, Redhat | 2 Konqueror, Enterprise Linux | 2025-04-09 | N/A |
| konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | ||||
| CVE-2007-5963 | 1 Kde | 1 Kde | 2025-04-09 | N/A |
| Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. | ||||
| CVE-2009-3604 | 6 Foolabs, Glyphandcog, Gnome and 3 more | 6 Xpdf, Xpdfreader, Gpdf and 3 more | 2025-04-09 | N/A |
| The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow. | ||||
| CVE-2009-3606 | 5 Foolabs, Glyphandcog, Kde and 2 more | 5 Xpdf, Xpdfreader, Kpdf and 2 more | 2025-04-09 | N/A |
| Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | ||||