Vulnerabilities > KDE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-05 | CVE-2024-36041 | Unspecified vulnerability in KDE Plasma-Workspace KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. | 7.8 |
| 2024-02-11 | CVE-2024-1433 | Unspecified vulnerability in KDE Plasma-Workspace A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. | 3.7 |
| 2022-02-26 | CVE-2022-24986 | Exposure of Resource to Wrong Sphere vulnerability in KDE Kcron KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. | 7.8 |
| 2022-02-11 | CVE-2022-23853 | Uncontrolled Search Path Element vulnerability in KDE Ktexteditor The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. | 7.8 |
| 2021-08-10 | CVE-2021-38372 | Command Injection vulnerability in KDE Trojita 0.7 In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. | 3.7 |
| 2021-08-10 | CVE-2021-38373 | Cleartext Transmission of Sensitive Information vulnerability in KDE Kmail 19.12.3 In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. | 5.3 |
| 2021-07-01 | CVE-2021-36083 | Out-of-bounds Write vulnerability in KDE Kimageformats KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | 5.5 |
| 2021-06-02 | CVE-2021-31855 | Cleartext Storage of Sensitive Information vulnerability in KDE Messagelib 5.5.1 KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. | 6.5 |
| 2021-03-20 | CVE-2021-28117 | Unspecified vulnerability in KDE Discover libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. | 7.5 |
| 2020-10-26 | CVE-2020-27187 | Unspecified vulnerability in KDE Partition Manager 4.1.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. | 7.8 |