Vulnerabilities > KDE
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-25 | CVE-2018-10361 | Exposure of Resource to Wrong Sphere vulnerability in KDE Ktexteditor An issue was discovered in KTextEditor 5.34.0 through 5.45.0. | 7.8 |
| 2018-02-07 | CVE-2018-6791 | OS Command Injection vulnerability in multiple products An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. | 6.8 |
| 2018-02-07 | CVE-2018-6790 | Information Exposure vulnerability in KDE Plasma-Workspace An issue was discovered in KDE Plasma Workspace before 5.12.0. | 5.3 |
| 2017-09-28 | CVE-2014-8878 | Cryptographic Issues vulnerability in KDE Kmail 4.11.5 KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network. | 5.9 |
| 2017-07-25 | CVE-2015-7543 | Race Condition vulnerability in multiple products aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | 7.0 |
| 2017-06-13 | CVE-2017-9604 | Missing Encryption of Sensitive Data vulnerability in KDE Kmail and Messagelib KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.5 |
| 2017-05-17 | CVE-2017-8422 | Authentication Bypass by Spoofing vulnerability in KDE Kauth KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | 7.8 |
| 2017-03-27 | CVE-2017-5330 | OS Command Injection vulnerability in multiple products ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | 7.8 |
| 2017-03-02 | CVE-2017-6410 | Cleartext Transmission of Sensitive Information vulnerability in KDE Kdelibs kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. | 5.5 |
| 2016-12-23 | CVE-2016-7968 | Code Injection vulnerability in KDE Kmail KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 6.5 |