Vulnerabilities > KDE

DATE CVE VULNERABILITY TITLE RISK
2020-05-20 CVE-2020-13152 Memory Leak vulnerability in KDE Amarok 2.8.0
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service.
network
kde CWE-401
4.3
2020-05-09 CVE-2020-12755 Information Exposure vulnerability in KDE Kio-Extras
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option.
local
low complexity
kde CWE-200
2.1
2020-04-17 CVE-2020-11880 Unspecified vulnerability in KDE Kmail
An issue was discovered in KDE KMail before 19.12.3.
network
low complexity
kde
6.4
2020-03-24 CVE-2020-9359 KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
local
low complexity
kde debian fedoraproject
5.3
2020-03-12 CVE-2018-19516 Improper Input Validation vulnerability in KDE Applications
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
network
low complexity
kde CWE-20
5.0
2020-02-11 CVE-2013-2213 Use of a Broken or Risky Cryptographic Algorithm vulnerability in KDE Paste Applet
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
local
low complexity
kde CWE-327
2.1
2020-02-11 CVE-2013-2120 Improper Authentication vulnerability in KDE Paste Applet
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
local
low complexity
kde CWE-287
2.1
2020-02-08 CVE-2012-4512 Type Confusion vulnerability in multiple products
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
network
low complexity
kde redhat CWE-843
8.8
2019-12-10 CVE-2013-4133 Improper Resource Shutdown or Release vulnerability in multiple products
kde-workspace before 4.10.5 has a memory leak in plasma desktop.
network
low complexity
kde debian CWE-404
7.8
2019-08-07 CVE-2019-14744 OS Command Injection vulnerability in multiple products
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction.
7.8