Filtered by vendor Kde
Subscribe
Total
195 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2333 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. | |||||
| CVE-2005-0205 | 2 Bernd Wuebben, Kde | 2 Kppp, Kde | 2025-04-03 | 4.6 MEDIUM | N/A |
| KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. | |||||
| CVE-2002-0227 | 2 Kde, Kicq | 2 Kde, Kicq | 2025-04-03 | 5.0 MEDIUM | N/A |
| KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
| CVE-2003-0690 | 1 Kde | 1 Kde | 2025-04-03 | 10.0 HIGH | N/A |
| KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. | |||||
| CVE-2002-1152 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | |||||
| CVE-2006-2916 | 2 Kde, Linux | 2 Arts, Linux Kernel | 2025-04-03 | 6.0 MEDIUM | 7.8 HIGH |
| artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | |||||
| CVE-2004-1165 | 1 Kde | 2 Kdelibs, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
| Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | |||||
| CVE-1999-1267 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
| KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. | |||||
| CVE-2004-0886 | 9 Apple, Kde, Libtiff and 6 more | 13 Mac Os X, Mac Os X Server, Kde and 10 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | |||||
| CVE-2005-1046 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | |||||
| CVE-2004-1158 | 3 Kde, Mandrakesoft, Redhat | 3 Konqueror, Mandrake Linux, Fedora Core | 2025-04-03 | 7.5 HIGH | N/A |
| Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||
| CVE-2004-1171 | 3 Kde, Mandrakesoft, Redhat | 3 Kde, Mandrake Linux, Fedora Core | 2025-04-03 | 2.1 LOW | N/A |
| KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | |||||
| CVE-2004-0867 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
| Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. | |||||
| CVE-2003-0459 | 2 Kde, Redhat | 8 Konqueror, Konqueror Embedded, Analog Real-time Synthesizer and 5 more | 2025-04-03 | 5.0 MEDIUM | N/A |
| KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | |||||
| CVE-2006-3672 | 1 Kde | 1 Konqueror | 2025-04-03 | 2.6 LOW | N/A |
| KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. | |||||
| CVE-2003-0204 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | |||||
| CVE-2002-1281 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
| Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL. | |||||
| CVE-2002-0970 | 1 Kde | 2 Kde, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
| The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | |||||
| CVE-2001-1197 | 1 Kde | 1 Kdeutils | 2025-04-03 | 4.6 MEDIUM | N/A |
| klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. | |||||
| CVE-1999-1269 | 1 Kde | 1 Kde Beta 3 | 2025-04-03 | 2.1 LOW | N/A |
| Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. | |||||