Vulnerabilities > KDE

| Date | CVE | Vulnerability title | Description | Access vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-05-07 | CVE-2019-7443 | Improper Input Validation vulnerability in multiple products | KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. | network | high | kde opensuse fedoraproject | CWE-20 | 8.1 |
| 2019-04-07 | CVE-2019-10732 | Cleartext Transmission of Sensitive Information vulnerability in multiple products | In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. | network | | kde debian | CWE-319 | 4.3 |
| 2018-11-29 | CVE-2018-19120 | Information Exposure vulnerability in KDE Applications | The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | network | low | kde | CWE-200 | 7.5 |
| 2018-09-06 | CVE-2018-1000801 | Path Traversal vulnerability in multiple products | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. | network | | kde debian | CWE-22 | 4.3 |
| 2018-05-16 | CVE-2017-17689 | | The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. | | | | | 4.3 |
| 2018-05-08 | CVE-2018-10380 | Link Following vulnerability in multiple products | kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | local | low | kde debian opensuse | CWE-59 | 7.2 |
| 2018-04-25 | CVE-2018-10361 | Exposure of Resource to Wrong Sphere vulnerability in KDE Ktexteditor | An issue was discovered in KTextEditor 5.34.0 through 5.45.0. | local | low | kde | CWE-668 | 7.2 |
| 2018-02-07 | CVE-2018-6791 | OS Command Injection vulnerability in multiple products | An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. | local | low | kde debian | CWE-78 | 7.2 |
| 2018-02-07 | CVE-2018-6790 | Information Exposure vulnerability in KDE Plasma-Workspace | An issue was discovered in KDE Plasma Workspace before 5.12.0. | network | low | kde | CWE-200 | 5.0 |
| 2017-09-28 | CVE-2014-8878 | Cryptographic Issues vulnerability in KDE Kmail 4.11.5 | KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | network | | kde | CWE-310 | 4.3 |