Vulnerabilities > KDE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-01-09 | CVE-2007-0104 | Improper Input Validation vulnerability in multiple products The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | 6.8 |
| 2006-12-29 | CVE-2006-6811 | Reachable Assertion vulnerability in multiple products KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. | 6.5 |
| 2006-12-20 | CVE-2006-6660 | Denial Of Service vulnerability in KDE LibkHTML NodeType Function The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. network kde | 4.3 |
| 2006-12-05 | CVE-2006-6297 | Resource Management Errors vulnerability in KDE Kdegraphics 3.2/3.4.3 Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion. | 5.0 |
| 2006-12-03 | CVE-2006-6120 | Integer Overflow vulnerability in KDE Koffice 1.6.1 Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow. network kde | 6.8 |
| 2006-09-06 | CVE-2006-3742 | Remote Security vulnerability in KDE Kdebase 3.5.40.4.Fc5 The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times. | 10.0 |
| 2006-07-27 | CVE-2006-2933 | kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. | 4.6 |
| 2006-07-18 | CVE-2006-3672 | Denial Of Service vulnerability in KDE Konqueror ReplaceChild KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. | 2.6 |
| 2006-06-15 | CVE-2006-2916 | Improper Check for Dropped Privileges vulnerability in KDE Arts 1.0/1.2 artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | 7.8 |
| 2006-06-15 | CVE-2006-2449 | Symbolic Link vulnerability in KDE KDM Session Type KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. | 4.0 |