Vulnerabilities (CVE)

Filtered by vendor Kde Subscribe
Total 195 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-4382 1 Kde 1 Konqueror 2025-04-09 5.0 MEDIUM N/A
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
CVE-2009-3604 5 Foolabs, Glyphandcog, Gnome and 2 more 5 Xpdf, Xpdfreader, Gpdf and 2 more 2025-04-09 9.3 HIGH N/A
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
CVE-2009-2896 1 Kde 1 Kmplayer 2025-04-09 9.3 HIGH N/A
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
CVE-2009-3608 7 Foolabs, Glyph And Cog, Glyphandcog and 4 more 7 Xpdf, Pdftops, Xpdfreader and 4 more 2025-04-09 9.3 HIGH N/A
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2007-4569 1 Kde 1 Kde 2025-04-09 6.8 MEDIUM N/A
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
CVE-2009-4035 3 Gnome, Kde, Xpdf 4 Gpdf, Kdegraphics, Kpdf and 1 more 2025-04-09 9.3 HIGH N/A
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
CVE-2007-4224 1 Kde 1 Konqueror 2025-04-09 4.3 MEDIUM N/A
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
CVE-2008-1671 1 Kde 1 Kde 2025-04-09 4.6 MEDIUM N/A
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
CVE-2007-2164 1 Kde 1 Konqueror 2025-04-09 5.0 MEDIUM N/A
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVE-2007-4941 1 Kde 1 Kmplayer 2025-04-09 7.1 HIGH N/A
KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values.
CVE-2007-4229 1 Kde 1 Konqueror 2025-04-09 4.3 MEDIUM N/A
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6120 1 Kde 1 Koffice 2025-04-09 6.8 MEDIUM N/A
Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.
CVE-2009-3609 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more 6 Xpdf, Pdftops, Xpdfreader and 3 more 2025-04-09 4.3 MEDIUM N/A
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
CVE-2007-4225 1 Kde 1 Konqueror 2025-04-09 6.8 MEDIUM N/A
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
CVE-2008-5712 1 Kde 1 Konqueror 2025-04-09 5.0 MEDIUM N/A
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.
CVE-2006-6811 2 Canonical, Kde 2 Ubuntu Linux, Ksirc 2025-04-09 4.3 MEDIUM 6.5 MEDIUM
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
CVE-2009-2702 1 Kde 1 Kdelibs 2025-04-09 7.5 HIGH N/A
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
CVE-2006-6297 1 Kde 1 Kdegraphics 2025-04-09 5.0 MEDIUM N/A
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.
CVE-2007-1565 1 Kde 1 Konqueror 2025-04-09 7.8 HIGH N/A
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
CVE-2006-6660 1 Kde 1 Libkhtml 2025-04-09 4.3 MEDIUM N/A
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.