Vulnerabilities > KDE

DATE CVE VULNERABILITY TITLE RISK
2022-02-26 CVE-2022-24986 Missing Authorization vulnerability in KDE Kcron
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session.
local
low complexity
kde CWE-862
4.6
2022-02-11 CVE-2022-23853 Improper Input Validation vulnerability in KDE Kate and Ktexteditor
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type.
network
kde CWE-20
6.8
2021-07-01 CVE-2021-36083 Out-of-bounds Write vulnerability in KDE Kimageformats
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.
network
kde CWE-787
4.3
2021-06-02 CVE-2021-31855 Cleartext Transmission of Sensitive Information vulnerability in KDE Messagelib 5.5.1
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations.
network
low complexity
kde CWE-319
4.0
2021-03-20 CVE-2021-28117 Unspecified vulnerability in KDE Discover
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site.
network
low complexity
kde
5.0
2020-10-26 CVE-2020-27187 Unspecified vulnerability in KDE Partition Manager 4.1.0
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0.
local
low complexity
kde
7.2
2020-10-07 CVE-2020-26164 Resource Exhaustion vulnerability in multiple products
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
local
low complexity
kde opensuse CWE-400
4.9
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
4.3
2020-08-03 CVE-2020-16116 Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
4.3
2020-07-27 CVE-2020-15954 Cleartext Transmission of Sensitive Information vulnerability in multiple products
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
network
kde debian CWE-319
4.3