Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kde vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2020-26164
In kdeconnect-kde (aka KDE Connect) prior to 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Kde Kdeconnect
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
5.5
CVSSv3
CVE-2020-13152
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows malicious users to cause a denial of service.
Kde Amarok 2.8.0
5.5
CVSSv3
CVE-2013-2213
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent malicious users to defeat cryptographic protection mechanisms by predicting the...
Kde Paste Applet
5.5
CVSSv3
CVE-2018-1000801
okular version 18.08 and previous versions contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via...
Kde Okular
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2017-6410
kpac/script.cpp in KDE kio prior to 5.32 and kdelibs prior to 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote malicious users to obtain sensitive infor...
Kde Kdelibs
Kde Kio
5.3
CVSSv3
CVE-2021-38373
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Kde Kmail 19.12.3
5.3
CVSSv3
CVE-2020-9359
KDE Okular prior to 1.10.0 allows code execution via an action link in a PDF document.
Kde Okular
Debian Debian Linux 8.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5.3
CVSSv3
CVE-2018-19516
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications prior to 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
Kde Kde Applications
5.3
CVSSv3
CVE-2018-6790
An issue exists in KDE Plasma Workspace prior to 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote malicious users to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
Kde Plasma-workspace
4.9
CVSSv3
CVE-2016-7787
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
Kde Kde-cli-tools -
Opensuse Leap 42.1
Opensuse Opensuse 13.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »