Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kde kio vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-6410
kpac/script.cpp in KDE kio prior to 5.32 and kdelibs prior to 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote malicious users to obtain sensitive infor...
Kde Kdelibs
Kde Kio
187
VMScore
CVE-2020-12755
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras up to and including 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
Kde Kio-extras
383
VMScore
CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and previous versions, kwebkitpart 1.3.4 and previous versions, and kio-extras 5.1.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a crafted URI using the (1)...
Urs Wolfer Kwebkitpart
Kde Kde-runtime
Kde Kio-extras
Opensuse Opensuse 13.1
445
VMScore
CVE-2018-19120
The HTML thumbnailer plugin in KDE Applications prior to 18.12.0 allows malicious users to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
Kde Kde Applications
668
VMScore
CVE-2002-1282
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote malicious users to execute arbitrary code via a certain URL.
Kde Kde 2.1.1
Kde Kde 2.1.2
Kde Kde 3.0.3
Kde Kde 3.0.4
Kde Kde 2.1
Kde Kde 3.0.1
Kde Kde 3.0.2
Kde Kde 2.2
Kde Kde 2.2.1
Kde Kde 2.2.2
Kde Kde 3.0
668
VMScore
CVE-2002-1281
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and previous versions, allows local and remote malicious users to execute arbitrary code via a certain URL.
Kde Kde 2.2.1
Kde Kde 2.2.2
Kde Kde 3.0
Kde Kde 2.1.2
Kde Kde 2.2
Kde Kde 3.0.1
Kde Kde 3.0.2
Kde Kde 2.1
Kde Kde 2.1.1
Kde Kde 3.0.3
Kde Kde 3.0.4
383
VMScore
CVE-2014-3494
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 prior to 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle malicious users to obtain sensitive information via an invalid certificate.
Opensuse Opensuse 13.1
Kde Kdelibs 4.11.5
Kde Kdelibs 4.11.90
Kde Kdelibs 4.12.4
Kde Kdelibs 4.11.95
Kde Kdelibs 4.11.97
Kde Kdelibs 4.12.0
Kde Kdelibs 4.12.1
Kde Kdelibs 4.12.2
Kde Kdelibs 4.11.0
Kde Kdelibs 4.11.1
Kde Kdelibs 4.11.2
Kde Kdelibs 4.11.3
Kde Kdelibs 4.12.90
Kde Kdelibs 4.12.95
Kde Kdelibs 4.12.97
Kde Kdelibs 4.13.0
Kde Kdelibs 4.12.80
Kde Kdelibs 4.13.1
Kde Kdelibs 4.10.97
Kde Kdelibs 4.11.4
Kde Kdelibs 4.11.80
445
VMScore
CVE-2013-2074
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and previous versions allows malicious users to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
Kde Kdelibs
Kde Kdelibs 4.10.1
Kde Kdelibs 4.10.2
Kde Kdelibs 4.10.0
383
VMScore
CVE-2011-1094
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs prior to 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle malicious users to spoof arbitrary SSL servers via a certificate issued ...
Redhat Kdelibs
Redhat Kdelibs 3.5.10
Redhat Kdelibs 3.5.9
Redhat Kdelibs 3.5.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started