Vulnerabilities > KDE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-05 | CVE-2024-36041 | Unspecified vulnerability in KDE Plasma-Workspace KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. | 7.8 |
| 2022-02-26 | CVE-2022-24986 | Exposure of Resource to Wrong Sphere vulnerability in KDE Kcron KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. | 7.8 |
| 2022-02-11 | CVE-2022-23853 | Uncontrolled Search Path Element vulnerability in KDE Ktexteditor The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. | 7.8 |
| 2021-03-20 | CVE-2021-28117 | Unspecified vulnerability in KDE Discover libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. | 7.5 |
| 2020-10-26 | CVE-2020-27187 | Unspecified vulnerability in KDE Partition Manager 4.1.0 An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. | 7.2 |
| 2020-02-08 | CVE-2012-4512 | Type Confusion vulnerability in multiple products The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." | 8.8 |
| 2019-12-10 | CVE-2013-4133 | Improper Resource Shutdown or Release vulnerability in multiple products kde-workspace before 4.10.5 has a memory leak in plasma desktop | 7.8 |
| 2019-08-07 | CVE-2019-14744 | OS Command Injection vulnerability in multiple products In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. | 7.8 |
| 2019-05-07 | CVE-2019-7443 | Improper Input Validation vulnerability in multiple products KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. | 8.1 |
| 2018-11-29 | CVE-2018-19120 | Information Exposure vulnerability in KDE Applications The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | 7.5 |