Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kde vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2017-6410
kpac/script.cpp in KDE kio prior to 5.32 and kdelibs prior to 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote malicious users to obtain sensitive infor...
Kde Kdelibs
Kde Kio
409
VMScore
CVE-2016-2312
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
Kde Kscreenlocker
Kde Plasma-workspace
Fedoraproject Fedora 22
Opensuse Leap 42.1
Fedoraproject Fedora 23
356
VMScore
CVE-2016-7787
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
Kde Kde-cli-tools -
Opensuse Leap 42.1
Opensuse Opensuse 13.2
445
VMScore
CVE-2016-6232
Directory traversal vulnerability in KArchive prior to 5.24, as used in KDE Frameworks, allows remote malicious users to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Kde Karchives
187
VMScore
CVE-2016-3100
kinit in KDE Frameworks prior to 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
Opensuse Opensuse 13.2
Opensuse Leap 42.1
Kde Kde Frameworks
409
VMScore
CVE-2015-0856
daemon/Greeter.cpp in sddm prior to 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated by the plasma-workspace breeze theme.
Fedoraproject Fedora 22
Sddm Project Sddm
383
VMScore
CVE-2015-1307
plasma-workspace prior to 5.1.95 allows remote malicious users to obtain passwords via a Trojan horse Look and Feel package.
Kde Plasma-workspace
383
VMScore
CVE-2015-1308
kde-workspace 4.2.0 and plasma-workspace prior to 5.1.95 allows remote malicious users to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
Kde Plasma-workspace
Kde Kde-workspace
445
VMScore
CVE-2013-7252
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for malicious users to guess passwords via a codebook attack.
Kde Kde Applications
383
VMScore
CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and previous versions, kwebkitpart 1.3.4 and previous versions, and kio-extras 5.1.1 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a crafted URI using the (1)...
Urs Wolfer Kwebkitpart
Kde Kde-runtime
Kde Kio-extras
Opensuse Opensuse 13.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »