Vulnerabilities > KDE > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-29 | CVE-2018-19120 | Information Exposure vulnerability in KDE Applications: The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. | 7.5 |
2018-05-08 | CVE-2018-10380 | Link Following vulnerability in multiple products: kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | 7.8 |
2018-04-25 | CVE-2018-10361 | Exposure of Resource to Wrong Sphere vulnerability in KDE Ktexteditor: An issue was discovered in KTextEditor 5.34.0 through 5.45.0. | 7.8 |
2017-07-25 | CVE-2015-7543 | Race Condition vulnerability in multiple products: aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | 7.0 |
2017-06-13 | CVE-2017-9604 | Missing Encryption of Sensitive Data vulnerability in KDE Kmail and Messagelib: KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. | 7.5 |
2017-05-17 | CVE-2017-8422 | Authentication Bypass by Spoofing vulnerability in KDE Kauth: KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | 7.8 |
2017-03-27 | CVE-2017-5330 | OS Command Injection vulnerability in multiple products: ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | 7.8 |
2016-12-23 | CVE-2016-7967 | Improper Access Control vulnerability in KDE Kmail: KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 8.1 |
2016-12-23 | CVE-2016-7966 | Code Injection vulnerability in multiple products: Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. | 7.3 |
2016-08-02 | CVE-2016-6232 | Path Traversal vulnerability in multiple products: Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. | 7.5 |