Vulnerabilities (CVE)

Filtered by vendor Kde Subscribe
Total 195 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2916 2 Kde, Linux 2 Arts, Linux Kernel 2025-04-03 6.0 MEDIUM 7.8 HIGH
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
CVE-2004-0889 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2025-04-03 10.0 HIGH N/A
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVE-2002-0970 1 Kde 2 Kde, Konqueror 2025-04-03 7.5 HIGH N/A
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
CVE-2003-1478 1 Kde 1 Konqueror 2025-04-03 4.3 MEDIUM N/A
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
CVE-2000-0460 1 Kde 1 Kde 2025-04-03 7.2 HIGH N/A
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
CVE-2001-0610 2 Kde, Suse 2 Kde, Suse Linux 2025-04-03 4.6 MEDIUM N/A
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
CVE-2005-0011 1 Kde 1 Kde 2025-04-03 10.0 HIGH N/A
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
CVE-2004-1491 4 Gentoo, Kde, Opera and 1 more 4 Linux, Kde, Opera Browser and 1 more 2025-04-03 5.0 MEDIUM N/A
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVE-2004-1125 3 Easy Software Products, Kde, Xpdf 3 Cups, Kde, Xpdf 2025-04-03 9.3 HIGH N/A
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
CVE-2004-0866 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2025-04-03 7.5 HIGH N/A
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-2000-0918 1 Kde 1 Kvt 2025-04-03 7.2 HIGH N/A
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
CVE-2005-2494 1 Kde 1 Kde 2025-04-03 7.2 HIGH N/A
kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.
CVE-1999-0781 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2025-04-03 7.2 HIGH N/A
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
CVE-2004-0870 1 Kde 1 Konqueror 2025-04-03 5.0 MEDIUM N/A
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
CVE-2004-0867 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2025-04-03 7.5 HIGH N/A
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVE-1999-0782 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2025-04-03 2.1 LOW N/A
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
CVE-2002-1151 1 Kde 2 Kde, Konqueror 2025-04-03 7.5 HIGH N/A
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
CVE-2005-0205 2 Bernd Wuebben, Kde 2 Kppp, Kde 2025-04-03 4.6 MEDIUM N/A
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
CVE-2005-2097 2 Kde, Xpdf 2 Kpdf, Xpdf 2025-04-03 2.1 LOW N/A
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
CVE-2003-0592 1 Kde 2 Konqueror, Konqueror Embedded 2025-04-03 7.5 HIGH N/A
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.