Vulnerabilities > KDE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-02-17 | CVE-2003-0988 | Remote Buffer Overflow vulnerability in KDE Personal Information Management Suite VCF File Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. | 7.5 |
| 2003-10-06 | CVE-2003-0692 | Unspecified vulnerability in KDE KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. | 7.5 |
| 2003-06-16 | CVE-2003-0370 | Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. | 7.5 |
| 2003-05-27 | CVE-2003-0256 | Unspecified vulnerability in KDE Kopete 0.6.1 The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands. | 7.5 |
| 2003-05-05 | CVE-2003-0204 | Unspecified vulnerability in KDE KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | 7.5 |
| 2003-01-17 | CVE-2002-1393 | Unspecified vulnerability in KDE Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses. | 7.5 |
| 2002-11-29 | CVE-2002-1306 | Remote Security vulnerability in Kde Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. | 7.5 |
| 2002-11-29 | CVE-2002-1282 | Unspecified vulnerability in KDE Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL. | 7.5 |
| 2002-11-29 | CVE-2002-1281 | Unspecified vulnerability in KDE Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL. | 7.5 |
| 2002-11-29 | CVE-2002-1247 | Local Buffer Overflow vulnerability in KDE Network RESLISA LOGNAME Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon. | 7.2 |