Vulnerabilities > KDE
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-26 | CVE-2022-24986 | Missing Authorization vulnerability in KDE KCron. KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. | 4.6 |
2022-02-11 | CVE-2022-23853 | Improper Input Validation vulnerability in KDE Kate and KTextEditor. The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. | 6.8 |
2021-07-01 | CVE-2021-36083 | Out-of-bounds Write vulnerability in KDE KImageFormats. KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | 4.3 |
2021-06-02 | CVE-2021-31855 | Cleartext Storage of Sensitive Information vulnerability in KDE Messagelib 5.5.1. KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. | 4.0 |
2021-03-20 | CVE-2021-28117 | Unspecified vulnerability in KDE Discover. libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. | 5.0 |
2020-10-26 | CVE-2020-27187 | Unspecified vulnerability in KDE Partition Manager 4.1.0. An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. | 7.2 |
2020-10-07 | CVE-2020-26164 | Resource Exhaustion vulnerability in multiple products. In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | 5.5 |
2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products. In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 4.3 |
2020-08-03 | CVE-2020-16116 | Path Traversal vulnerability in multiple products. In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | 4.3 |
2020-07-27 | CVE-2020-15954 | Cleartext Transmission of Sensitive Information vulnerability in multiple products. KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | 4.3 |