Vulnerabilities > KDE > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-07-01 CVE-2021-36083 Out-of-bounds Write vulnerability in KDE Kimageformats
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.
network
kde CWE-787
4.3
2021-06-02 CVE-2021-31855 Cleartext Storage of Sensitive Information vulnerability in KDE Messagelib 5.5.1
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations.
network
low complexity
kde CWE-312
6.5
2020-10-07 CVE-2020-26164 Resource Exhaustion vulnerability in multiple products
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
local
low complexity
kde opensuse CWE-400
5.5
2020-07-27 CVE-2020-15954 Cleartext Transmission of Sensitive Information vulnerability in multiple products
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
network
kde debian CWE-319
4.3
2020-05-20 CVE-2020-13152 Memory Leak vulnerability in KDE Amarok 2.8.0
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak, whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service.
network
kde CWE-401
4.3
2020-04-17 CVE-2020-11880 Unspecified vulnerability in KDE Kmail
An issue was discovered in KDE KMail before 19.12.3.
network
low complexity
kde
6.4
2020-03-24 CVE-2020-9359 KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
local
low complexity
kde debian fedoraproject
5.3
2020-03-12 CVE-2018-19516 Improper Input Validation vulnerability in KDE Applications
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
network
low complexity
kde CWE-20
5.0
2019-04-07 CVE-2019-10732 Cleartext Transmission of Sensitive Information vulnerability in multiple products
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email.
network
kde debian CWE-319
4.3
2018-09-06 CVE-2018-1000801 Path Traversal vulnerability in multiple products
Okular version 18.08 and earlier contains a directory traversal vulnerability in the function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user's workstation.
network
kde debian CWE-22
4.3