Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kde vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2017-6410
kpac/script.cpp in KDE kio prior to 5.32 and kdelibs prior to 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote malicious users to obtain sensitive infor...
Kde Kdelibs
Kde Kio
4.9
CVSSv3
CVE-2016-7787
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
Kde Kde-cli-tools -
Opensuse Leap 42.1
Opensuse Opensuse 13.2
6.8
CVSSv3
CVE-2016-2312
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
Kde Kscreenlocker
Kde Plasma-workspace
Fedoraproject Fedora 22
Opensuse Leap 42.1
Fedoraproject Fedora 23
7.5
CVSSv3
CVE-2016-6232
Directory traversal vulnerability in KArchive prior to 5.24, as used in KDE Frameworks, allows remote malicious users to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Kde Karchives
8.4
CVSSv3
CVE-2016-3100
kinit in KDE Frameworks prior to 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Kde Kde Frameworks
NA
CVE-2015-0856
daemon/Greeter.cpp in sddm prior to 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
Fedoraproject Fedora 22
Sddm Project Sddm
NA
CVE-2015-1307
plasma-workspace prior to 5.1.95 allows remote malicious users to obtain passwords via a Trojan horse Look and Feel package.
Kde Plasma-workspace
NA
CVE-2015-1308
kde-workspace 4.2.0 and plasma-workspace prior to 5.1.95 allows remote malicious users to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
Kde Plasma-workspace
Kde Kde-workspace
NA
CVE-2013-7252
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for malicious users to guess passwords via a codebook attack.
Kde Kde Applications
NA
CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and previous versions, kwebkitpart 1.3.4 and previous versions, and kio-extras 5.1.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a crafted URI using the (1)...
Urs Wolfer Kwebkitpart
Kde Kde-runtime
Kde Kio-extras
Opensuse Opensuse 13.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »