Vulnerabilities > KDE

DATE CVE VULNERABILITY TITLE RISK

2024-07-05 CVE-2024-36041 Unspecified vulnerability in KDE Plasma-Workspace
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted.
local
low complexity
kde
7.8

2024-02-11 CVE-2024-1433 Path Traversal vulnerability in KDE Plasma-Workspace
A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0.
network
high complexity
kde CWE-22
3.7

2022-02-26 CVE-2022-24986 Exposure of Resource to Wrong Sphere vulnerability in KDE Kcron
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session.
local
low complexity
kde CWE-668
7.8

2022-02-11 CVE-2022-23853 Uncontrolled Search Path Element vulnerability in KDE Ktexteditor
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type.
local
low complexity
kde CWE-427
7.8

2021-07-01 CVE-2021-36083 Out-of-bounds Write vulnerability in KDE Kimageformats
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.
network
kde CWE-787
4.3

2021-06-02 CVE-2021-31855 Cleartext Storage of Sensitive Information vulnerability in KDE Messagelib 5.5.1
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations.
network
low complexity
kde CWE-312
6.5

2021-03-20 CVE-2021-28117 Unspecified vulnerability in KDE Discover
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site.
network
low complexity
kde
7.5

2020-10-26 CVE-2020-27187 Unspecified vulnerability in KDE Partition Manager 4.1.0
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0.
local
low complexity
kde
7.2

2020-10-07 CVE-2020-26164 Resource Exhaustion vulnerability in multiple products
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
local
low complexity
kde opensuse CWE-400
5.5

2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
3.3