Vulnerabilities > KDE > Low

DATE CVE VULNERABILITY TITLE RISK
2024-02-11 CVE-2024-1433 Unspecified vulnerability in KDE Plasma-Workspace
A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0.
network
high complexity
kde
3.7
2021-08-10 CVE-2021-38372 Command Injection vulnerability in KDE Trojita 0.7
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
network
high complexity
kde CWE-77
3.7
2020-09-02 CVE-2020-24654 Link Following vulnerability in multiple products
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
3.3
2020-08-03 CVE-2020-16116 Path Traversal vulnerability in multiple products
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
3.3
2020-05-09 CVE-2020-12755 Unspecified vulnerability in KDE Kio-Extras
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option.
local
low complexity
kde
3.3