Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kde vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-31855
KDE Messagelib up to and including 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote...
Kde Messagelib
7.5
CVSSv3
CVE-2021-28117
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover prior to 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
Kde Discover
7.8
CVSSv3
CVE-2020-27187
An issue exists in KDE Partition Manager 4.1.0 prior to 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning r...
Kde Partition Manager
5.5
CVSSv3
CVE-2020-26164
In kdeconnect-kde (aka KDE Connect) prior to 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Kde Kdeconnect
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
3.3
CVSSv3
CVE-2020-24654
In KDE Ark prior to 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
Kde Ark
Canonical Ubuntu Linux 16.04
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Opensuse Leap 15.1
Fedoraproject Fedora 32
Canonical Ubuntu Linux 20.04
Opensuse Leap 15.2
Debian Debian Linux 9.0
Fedoraproject Fedora 33
3.3
CVSSv3
CVE-2020-16116
In kerfuffle/jobs.cpp in KDE Ark prior to 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
Kde Ark
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
1 Article
6.5
CVSSv3
CVE-2020-15954
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
Kde Kmail 19.12.3
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2020-13152
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows malicious users to cause a denial of service.
Kde Amarok 2.8.0
3.3
CVSSv3
CVE-2020-12755
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras up to and including 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
Kde Kio-extras
6.5
CVSSv3
CVE-2020-11880
An issue exists in KDE KMail prior to 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demon...
Kde Kmail
2 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »