Vulnerabilities > KDE > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-11-11 CVE-2012-4514 Unspecified vulnerability in KDE
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
Risk: 5.0 (network, low complexity, kde)

2012-11-11 CVE-2012-4513 Buffer Errors vulnerability in KDE 4.7.3
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
Risk: 6.4 (network, low complexity, kde, CWE-119)

2012-08-07 CVE-2012-3413 Configuration vulnerability in KDE PIM 4.6/4.8
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Risk: 4.3 (network, kde, CWE-16)

2012-01-06 CVE-2011-5054 Improper Authentication vulnerability in KDE Kcheckpass
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122.
Risk: 6.9 (local, kde, CWE-287)

2010-11-05 CVE-2010-3704 Improper Input Validation vulnerability in multiple products
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
Risk: 6.8

2010-08-30 CVE-2010-2575 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in KDE SC
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
Risk: 6.8 (network, kde, CWE-119)

2010-08-02 CVE-2009-4976 Cross-Site Scripting vulnerability in URS Wolfer Kwebkitpart 0.9.6
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
Risk: 4.3

2010-05-17 CVE-2010-1511 Permissions, Privileges, and Access Controls vulnerability in KDE SC and Kget
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
Risk: 6.4 (network, low complexity, kde, CWE-264)

2010-05-17 CVE-2010-1000 Path Traversal vulnerability in KDE SC
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
Risk: 5.8 (network, kde, CWE-22)

2010-04-15 CVE-2010-0436 Race Condition vulnerability in KDE SC
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
Risk: 6.9 (local, kde, CWE-362)