Vulnerabilities > KDE

DATE CVE VULNERABILITY TITLE RISK
2020-10-26 CVE-2020-27187 Command Injection vulnerability in KDE Partition Manager 4.1.0
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0.
local
low complexity
kde CWE-77
7.2
2020-10-07 CVE-2020-26164 Resource Exhaustion vulnerability in multiple products
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
local
low complexity
kde opensuse CWE-400
4.9
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
4.3
2020-08-03 CVE-2020-16116 Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
4.3
2020-07-27 CVE-2020-15954 Cleartext Transmission of Sensitive Information vulnerability in multiple products
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
network
kde debian CWE-319
4.3
2020-05-20 CVE-2020-13152 Resource Exhaustion vulnerability in KDE Amarok 2.8.0
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service.
network
kde CWE-400
4.3
2020-05-09 CVE-2020-12755 Information Exposure vulnerability in KDE Kio-Extras
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option.
local
low complexity
kde CWE-200
2.1
2020-04-17 CVE-2020-11880 Unspecified vulnerability in KDE Kmail
An issue was discovered in KDE KMail before 19.12.3.
network
low complexity
kde
6.4
2020-03-24 CVE-2020-9359 Improper Input Validation vulnerability in multiple products
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
6.8
2020-03-12 CVE-2018-19516 Improper Input Validation vulnerability in KDE Applications
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
network
low complexity
kde CWE-20
5.0