Vulnerabilities > KDE
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2022-02-26 | CVE-2022-24986 | Missing Authorization vulnerability in KDE Kcron | KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. | 4.6 |
| 2022-02-11 | CVE-2022-23853 | Improper Input Validation vulnerability in KDE Kate and Ktexteditor | The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. | 6.8 |
| 2021-07-01 | CVE-2021-36083 | Out-of-bounds Write vulnerability in KDE Kimageformats | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | 4.3 |
| 2021-06-02 | CVE-2021-31855 | Cleartext Storage of Sensitive Information vulnerability in KDE Messagelib 5.5.1 | KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. | 4.0 |
| 2021-03-20 | CVE-2021-28117 | Unspecified vulnerability in KDE Discover | libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. | 5.0 |
| 2020-10-26 | CVE-2020-27187 | Unspecified vulnerability in KDE Partition Manager 4.1.0 | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. | 7.2 |
| 2020-10-07 | CVE-2020-26164 | Resource Exhaustion vulnerability in multiple products | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | 4.9 |
| 2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 4.3 |
| 2020-08-03 | CVE-2020-16116 | Path Traversal vulnerability in multiple products | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | 4.3 |
| 2020-07-27 | CVE-2020-15954 | Cleartext Transmission of Sensitive Information vulnerability in multiple products | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | 4.3 |