Vulnerabilities (CVE)

Filtered by vendor Kde Subscribe
Total 195 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0886 9 Apple, Kde, Libtiff and 6 more 13 Mac Os X, Mac Os X Server, Kde and 10 more 2025-04-03 5.0 MEDIUM N/A
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVE-2002-0227 2 Kde, Kicq 2 Kde, Kicq 2025-04-03 5.0 MEDIUM N/A
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2005-3624 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2025-04-03 5.0 MEDIUM N/A
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVE-2003-0459 2 Kde, Redhat 8 Konqueror, Konqueror Embedded, Analog Real-time Synthesizer and 5 more 2025-04-03 5.0 MEDIUM N/A
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
CVE-2003-0988 1 Kde 1 Kde 2025-04-03 7.5 HIGH N/A
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
CVE-2005-2101 1 Kde 1 Kde 2025-04-03 5.0 MEDIUM N/A
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
CVE-2004-1171 3 Kde, Mandrakesoft, Redhat 3 Kde, Mandrake Linux, Fedora Core 2025-04-03 2.1 LOW N/A
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
CVE-2002-1247 2 Kde, Lisa 3 Kde, Klisa, Lisa 2025-04-03 7.2 HIGH N/A
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
CVE-2004-0721 1 Kde 1 Konqueror 2025-04-03 7.5 HIGH N/A
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0690 1 Kde 1 Kde 2025-04-03 4.6 MEDIUM N/A
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
CVE-2005-4684 1 Kde 1 Konqueror 2025-04-03 6.4 MEDIUM N/A
Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
CVE-1999-1270 1 Kde 1 Kde 2025-04-03 4.6 MEDIUM N/A
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
CVE-2002-2333 1 Kde 1 Kde 2025-04-03 5.0 MEDIUM N/A
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
CVE-2005-2971 1 Kde 1 Koffice 2025-04-03 7.5 HIGH N/A
Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
CVE-2003-0370 4 Apple, Kde, Redhat and 1 more 6 Safari, Kde, Konqueror Embedded and 3 more 2025-04-03 7.5 HIGH N/A
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVE-2005-3626 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2025-04-03 5.0 MEDIUM N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-1999-0735 1 Kde 1 K-mail 2025-04-03 4.6 MEDIUM N/A
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
CVE-2000-0373 1 Kde 1 Kvt 2025-04-03 7.2 HIGH N/A
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
CVE-1999-1107 1 Kde 1 Kde 2025-04-03 7.2 HIGH N/A
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
CVE-2004-0689 2 Debian, Kde 2 Debian Linux, Kde 2025-04-03 4.6 MEDIUM 7.1 HIGH
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.