Vulnerabilities > KDE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-08 | CVE-2018-10380 | Link Following vulnerability in multiple products kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack. | 7.2 |
| 2018-04-25 | CVE-2018-10361 | Exposure of Resource to Wrong Sphere vulnerability in KDE Ktexteditor An issue was discovered in KTextEditor 5.34.0 through 5.45.0. | 7.2 |
| 2018-02-07 | CVE-2018-6791 | OS Command Injection vulnerability in multiple products An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. | 7.2 |
| 2017-05-17 | CVE-2017-8422 | Authentication Bypass by Spoofing vulnerability in KDE Kauth and Kdelibs KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | 7.2 |
| 2017-03-27 | CVE-2017-5330 | OS Command Injection vulnerability in multiple products ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications. | 7.8 |
| 2016-12-23 | CVE-2016-7968 | Code Injection vulnerability in KDE Kmail 4.4.0/5.2.3/5.3.0 KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. | 7.5 |
| 2016-12-23 | CVE-2016-7966 | Code Injection vulnerability in multiple products Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. | 7.3 |
| 2014-12-06 | CVE-2014-8651 | Permissions, Privileges, and Access Controls vulnerability in KDE Kde-Workspace and Plasma-Desktop The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. | 7.2 |
| 2009-09-08 | CVE-2009-2702 | Cryptographic Issues vulnerability in KDE Kdelibs 3.5.4/4.2.4/4.3 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | 7.5 |
| 2007-09-18 | CVE-2007-4941 | Resource Management Errors vulnerability in KDE Kmplayer KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values. | 7.1 |