Vulnerabilities > KDE

DATE CVE VULNERABILITY TITLE RISK
2021-07-01 CVE-2021-36083 Out-of-bounds Write vulnerability in KDE Kimageformats
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.
network
kde CWE-787
4.3
2021-06-02 CVE-2021-31855 Cleartext Transmission of Sensitive Information vulnerability in KDE Messagelib 5.5.1
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations.
network
low complexity
kde CWE-319
4.0
2021-03-20 CVE-2021-28117 Unspecified vulnerability in KDE Discover
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site.
network
low complexity
kde
5.0
2020-10-26 CVE-2020-27187 Command Injection vulnerability in KDE Partition Manager 4.1.0
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0.
local
low complexity
kde CWE-77
7.2
2020-10-07 CVE-2020-26164 Resource Exhaustion vulnerability in multiple products
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
local
low complexity
kde opensuse CWE-400
4.9
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
4.3
2020-08-03 CVE-2020-16116 Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
4.3
2020-07-27 CVE-2020-15954 Cleartext Transmission of Sensitive Information vulnerability in multiple products
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
network
kde debian CWE-319
4.3
2020-05-20 CVE-2020-13152 Resource Exhaustion vulnerability in KDE Amarok 2.8.0
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak in which Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service.
network
kde CWE-400
4.3
2020-05-09 CVE-2020-12755 Information Exposure vulnerability in KDE Kio-Extras
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option.
local
low complexity
kde CWE-200
2.1