cbcvebase.

Kde vulnerabilities

62 known vulnerabilities affecting kde/kde.

Total CVEs
62
CISA KEV
0
Public exploits
12
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH30MEDIUM22LOW4

Vulnerabilities

Page 1 of 4
CVE-2012-4512P3HIGHCVSS 8.8PoCv4.7.32020-02-08
CVE-2012-4512 [HIGH] CWE-843 CVE-2012-4512: The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
nvd
CVE-2012-4513P3MEDIUMCVSS 6.4PoCv4.7.32012-11-11
CVE-2012-4513 [MEDIUM] CWE-119 CVE-2012-4513: khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
nvd
CVE-2012-4515P3MEDIUMCVSS 6.8PoCv4.7.32012-11-11
CVE-2012-4515 [MEDIUM] CWE-399 CVE-2012-4515: Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
nvd
CVE-2004-1491P3MEDIUMCVSS 5.0PoCv3.2.32004-12-31
CVE-2004-1491 [MEDIUM] CVE-2004-1491: Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attacke Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
nvd
CVE-2012-4514P4MEDIUMCVSS 5.0PoC≤ 4.9.2v1.0+75 more2012-11-11
CVE-2012-4514 [MEDIUM] CVE-2012-4514: rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a de rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
nvd
CVE-2002-1224P4MEDIUMCVSS 5.0PoCv3.0.1v3.0.2+2 more2002-10-28
CVE-2002-1224 [MEDIUM] CVE-2002-1224: Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
nvd
CVE-2000-0460P4HIGHCVSS 7.2PoCv1.1v1.1.1+2 more2000-05-27
CVE-2000-0460 [HIGH] CVE-2000-0460: Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY envir Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
nvd
CVE-2005-0011P3CRITICALCVSS 10.0v3.3v3.3.1+1 more2005-05-02
CVE-2005-0011 [CRITICAL] CVE-2005-0011: Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
nvd
CVE-2000-0393P4HIGHCVSS 7.2PoCv1.1v1.1.1+2 more2000-05-16
CVE-2000-0393 [HIGH] CVE-2000-0393: The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL e The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
nvd
CVE-2000-0530P4HIGHCVSS 7.2PoCv1.1.22000-05-31
CVE-2000-0530 [HIGH] CVE-2000-0530: The KApplication class in the KDE 1.1.2 configuration file management capability allows local users The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
nvd
CVE-2008-1670P3CRITICALCVSS 9.3v4.0.0v4.0.1+2 more2008-04-28
CVE-2008-1670 [CRITICAL] CWE-119 CVE-2008-1670: Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
nvd
CVE-2005-0404P4MEDIUMCVSS 5.0PoCv3.3.22005-05-02
CVE-2005-0404 [MEDIUM] CVE-2005-0404: KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the ema KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
nvd
CVE-2006-0019P3HIGHCVSS 7.5v3.2v3.2.0+15 more2006-01-20
CVE-2006-0019 [HIGH] CVE-2006-0019: Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interprete Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
nvd
CVE-2004-0803P3HIGHCVSS 7.5v3.2v3.2.1+4 more2004-12-23
CVE-2004-0803 [HIGH] CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, re Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
nvd
CVE-2004-0888P4CRITICALCVSS 10.0v3.2v3.2.1+4 more2005-01-27
CVE-2004-0888 [CRITICAL] CVE-2004-0888: Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
nvd
CVE-2003-0690P4CRITICALCVSS 10.0v1.1v1.1.1+25 more2003-10-06
CVE-2003-0690 [CRITICAL] CVE-2003-0690: KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which m KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
nvd
CVE-2002-0227P4MEDIUMCVSS 5.0PoCv2.1.22002-05-16
CVE-2002-0227 [MEDIUM] CVE-2002-0227: KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
nvd
CVE-2007-4569P4MEDIUMCVSS 6.8v3.3v3.3.0+16 more2007-09-21
CVE-2007-4569 [MEDIUM] CWE-264 CVE-2007-4569: backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.
nvd
CVE-2004-1125P4CRITICALCVSS 9.3v3.2.3v3.3.22005-01-10
CVE-2004-1125 [CRITICAL] CWE-20 CVE-2004-1125: Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors arra
nvd
CVE-2001-0610P4MEDIUMCVSS 4.6PoCv1.x2001-08-02
CVE-2001-0610 [MEDIUM] CVE-2001-0610: kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
nvd
Kde vulnerabilities | cvebase