Vulnerabilities > KDE > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-10 | CVE-2021-38373 | Cleartext Transmission of Sensitive Information vulnerability in KDE KMail 19.12.3. In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked. | 5.3 |
2021-07-01 | CVE-2021-36083 | Out-of-bounds Write vulnerability in KDE KImageFormats. KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | 5.5 |
2021-06-02 | CVE-2021-31855 | Cleartext Storage of Sensitive Information vulnerability in KDE Messagelib 5.5.1. KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. | 6.5 |
2020-10-07 | CVE-2020-26164 | Resource Exhaustion vulnerability in multiple products. In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack. | 5.5 |
2020-07-27 | CVE-2020-15954 | Cleartext Transmission of Sensitive Information vulnerability in multiple products. KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use. | 6.5 |
2020-05-20 | CVE-2020-13152 | Memory Leak vulnerability in KDE Amarok 2.8.0. A remote user can create a specially crafted M3U file (a media playlist file) that, when loaded by the target user, triggers a memory leak, whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service. | 5.5 |
2020-04-17 | CVE-2020-11880 | Unspecified vulnerability in KDE KMail. An issue was discovered in KDE KMail before 19.12.3. | 6.5 |
2020-03-24 | CVE-2020-9359 | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | 5.3 |
2020-03-12 | CVE-2018-19516 | Improper Input Validation vulnerability in KDE Applications. messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | 5.3 |
2020-02-11 | CVE-2013-2213 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in KDE Paste Applet. The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. | 5.5 |