Vulnerabilities > KDE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-26 | CVE-2015-1308 | Information Exposure vulnerability in KDE Kde-Workspace and Plasma-Workspace kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. | 4.3 |
| 2015-01-26 | CVE-2015-1307 | Improper Access Control vulnerability in KDE Plasma-Workspace plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | 4.3 |
| 2015-01-18 | CVE-2013-7252 | Cryptographic Issues vulnerability in KDE Applications 14.11.3 kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack. | 5.0 |
| 2014-12-08 | CVE-2014-8600 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message. | 4.3 |
| 2014-08-19 | CVE-2014-5033 | Race Condition vulnerability in multiple products KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." | 6.9 |
| 2014-07-01 | CVE-2014-3494 | Information Exposure vulnerability in multiple products kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate. | 4.3 |
| 2014-02-05 | CVE-2013-2074 | Information Exposure vulnerability in KDE Kdelibs kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. | 5.0 |
| 2014-02-04 | CVE-2011-2725 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. | 6.8 |
| 2013-09-16 | CVE-2013-4132 | Cryptographic Issues vulnerability in multiple products KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. | 5.0 |
| 2012-11-11 | CVE-2012-4515 | Resource Management Errors vulnerability in KDE 4.7.3 Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | 6.8 |