Vulnerabilities > KDE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-07-26 | CVE-2005-1852 | Numeric Errors vulnerability in multiple products Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | 7.5 |
| 2005-05-02 | CVE-2005-1046 | Buffer Overflow vulnerability in KDE 3.4.0 Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | 7.5 |
| 2005-05-02 | CVE-2005-0404 | KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. | 5.0 |
| 2005-05-02 | CVE-2005-0396 | Local Denial of Service vulnerability in KDE Dcopserver and Desktop Communication Protocol Daemon Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process." | 2.1 |
| 2005-05-02 | CVE-2005-0365 | Unspecified vulnerability in KDE 3.2.X/3.3.X The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | 2.1 |
| 2005-05-02 | CVE-2005-0237 | Unspecified vulnerability in KDE and Konqueror The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 5.0 |
| 2005-05-02 | CVE-2005-0205 | KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. | 4.6 |
| 2005-05-02 | CVE-2005-0078 | The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | 4.6 |
| 2005-05-02 | CVE-2005-0011 | Unspecified vulnerability in KDE 3.3/3.3.1/3.3.2 Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | 10.0 |
| 2005-04-27 | CVE-2005-0206 | Integer Overflow vulnerability in Xpdf PDFTOPS The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | 7.5 |