Vulnerabilities > KDE
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-20 | CVE-2020-13152 | Memory Leak vulnerability in KDE Amarok 2.8.0 A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service. | 4.3 |
2020-05-09 | CVE-2020-12755 | Information Exposure vulnerability in KDE Kio-Extras fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. | 2.1 |
2020-04-17 | CVE-2020-11880 | Unspecified vulnerability in KDE Kmail An issue was discovered in KDE KMail before 19.12.3. | 6.4 |
2020-03-24 | CVE-2020-9359 | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | 5.3 |
2020-03-12 | CVE-2018-19516 | Improper Input Validation vulnerability in KDE Applications messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | 5.0 |
2020-02-11 | CVE-2013-2213 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in KDE Paste Applet The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. | 2.1 |
2020-02-11 | CVE-2013-2120 | Improper Authentication vulnerability in KDE Paste Applet The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. | 2.1 |
2020-02-08 | CVE-2012-4512 | Type Confusion vulnerability in multiple products The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | 8.8 |
2019-12-10 | CVE-2013-4133 | Improper Resource Shutdown or Release vulnerability in multiple products kde-workspace before 4.10.5 has a memory leak in plasma desktop | 7.8 |
2019-08-07 | CVE-2019-14744 | OS Command Injection vulnerability in multiple products In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. | 7.8 |