Vulnerabilities > KDE
| Date | CVE | Vulnerability | Description | Score |
|---|---|---|---|---|
| 2020-10-26 | CVE-2020-27187 | Command Injection vulnerability in KDE Partition Manager 4.1.0 | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. | 7.2 |
| 2020-10-07 | CVE-2020-26164 | Resource Exhaustion vulnerability in multiple products | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | 4.9 |
| 2020-09-02 | CVE-2020-24654 | Link Following vulnerability in multiple products | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. | 4.3 |
| 2020-08-03 | CVE-2020-16116 | Path Traversal vulnerability in multiple products | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | 4.3 |
| 2020-07-27 | CVE-2020-15954 | Cleartext Transmission of Sensitive Information vulnerability in multiple products | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | 4.3 |
| 2020-05-20 | CVE-2020-13152 | Resource Exhaustion vulnerability in KDE Amarok 2.8.0 | A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak, whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service. | 4.3 |
| 2020-05-09 | CVE-2020-12755 | Information Exposure vulnerability in KDE Kio-Extras | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. | 2.1 |
| 2020-04-17 | CVE-2020-11880 | Unspecified vulnerability in KDE Kmail | An issue was discovered in KDE KMail before 19.12.3. | 6.4 |
| 2020-03-24 | CVE-2020-9359 | Improper Input Validation vulnerability in multiple products | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | 6.8 |
| 2020-03-12 | CVE-2018-19516 | Improper Input Validation vulnerability in KDE Applications | messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | 5.0 |