Vulnerabilities > KDE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2013-2120 | Improper Authentication vulnerability in KDE Paste Applet The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack. | 8.4 |
| 2020-02-08 | CVE-2012-4512 | Type Confusion vulnerability in multiple products The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | 8.8 |
| 2019-12-10 | CVE-2013-4133 | Improper Resource Shutdown or Release vulnerability in multiple products kde-workspace before 4.10.5 has a memory leak in plasma desktop | 7.5 |
| 2019-08-07 | CVE-2019-14744 | OS Command Injection vulnerability in multiple products In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. | 7.8 |
| 2019-05-07 | CVE-2019-7443 | Improper Input Validation vulnerability in multiple products KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. | 8.1 |
| 2019-04-07 | CVE-2019-10732 | Cleartext Transmission of Sensitive Information vulnerability in multiple products In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | 4.3 |
| 2018-11-29 | CVE-2018-19120 | Information Exposure vulnerability in KDE Applications The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | 7.5 |
| 2018-09-06 | CVE-2018-1000801 | Path Traversal vulnerability in multiple products okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. | 5.5 |
| 2018-05-16 | CVE-2017-17689 | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | 5.9 |
| 2018-05-08 | CVE-2018-10380 | Link Following vulnerability in multiple products kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | 7.8 |