Filtered by vendor Kde
Subscribe
Total
195 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2002-0227 | 2 Kde, Kicq | 2 Kde, Kicq | 2025-04-03 | 5.0 MEDIUM | N/A |
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
CVE-2005-1852 | 4 Centericq, Ekg, Kadu and 1 more | 4 Centericq, Ekg, Kadu and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | |||||
CVE-2006-0019 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | |||||
CVE-2001-0782 | 1 Kde | 1 Ktv | 2025-04-03 | 7.2 HIGH | N/A |
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | |||||
CVE-2002-0342 | 1 Kde | 1 K-mail | 2025-04-03 | 5.0 MEDIUM | N/A |
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. | |||||
CVE-1999-1268 | 1 Kde | 1 Kde | 2025-04-03 | 7.2 HIGH | N/A |
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | |||||
CVE-2002-1223 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file. | |||||
CVE-2005-3625 | 18 Conectiva, Debian, Easy Software Products and 15 more | 33 Linux, Debian Linux, Cups and 30 more | 2025-04-03 | 10.0 HIGH | N/A |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | |||||
CVE-2004-1158 | 3 Kde, Mandrakesoft, Redhat | 3 Konqueror, Mandrake Linux, Fedora Core | 2025-04-03 | 7.5 HIGH | N/A |
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||
CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2025-04-03 | 7.5 HIGH | N/A |
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | |||||
CVE-2002-1306 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. | |||||
CVE-2004-0411 | 1 Kde | 1 Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. | |||||
CVE-2002-1224 | 1 Kde | 1 Kde | 2025-04-03 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | |||||
CVE-2005-0078 | 3 Debian, Kde, Redhat | 5 Debian Linux, Kde, Enterprise Linux and 2 more | 2025-04-03 | 4.6 MEDIUM | N/A |
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | |||||
CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | 7.2 HIGH | N/A |
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | |||||
CVE-2002-1282 | 1 Kde | 1 Kde | 2025-04-03 | 7.5 HIGH | N/A |
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL. | |||||
CVE-2004-0866 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2025-04-03 | 7.5 HIGH | N/A |
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||||
CVE-2000-0481 | 1 Kde | 1 K-mail | 2025-04-03 | 5.0 MEDIUM | N/A |
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. | |||||
CVE-2005-0011 | 1 Kde | 1 Kde | 2025-04-03 | 10.0 HIGH | N/A |
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | |||||
CVE-2004-1165 | 1 Kde | 2 Kdelibs, Konqueror | 2025-04-03 | 7.5 HIGH | N/A |
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. |