DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2005-01-27 | CVE-2004-0886 | Buffer Overflow vulnerability in LibTIFF: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. | 5.0 |
2005-01-10 | CVE-2004-1171 | KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | 2.1 |
2005-01-10 | CVE-2004-1125 | Improper Input Validation vulnerability in multiple products: Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | 9.3 |
2004-12-31 | CVE-2004-1491 | Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. | 5.0 |
2004-12-23 | CVE-2004-0803 | Buffer Overflow vulnerability in LibTIFF: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. | 7.5 |
2004-10-20 | CVE-2004-0746 | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2004-09-28 | CVE-2004-0690 | Unspecified vulnerability in KDE 3.2.1: The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. | 4.6 |
2004-09-28 | CVE-2004-0689 | Link Following vulnerability in multiple products: KDE before 3.3.0 does not properly handle cases where certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | 7.1 |
2004-02-17 | CVE-2003-0988 | Remote Buffer Overflow vulnerability in KDE Personal Information Management Suite VCF File: Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | 7.5 |
2003-10-06 | CVE-2003-0692 | Unspecified vulnerability in KDE: KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. | 7.5 |