Filtered by vendor Kde
Subscribe
Total
193 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4514 | 1 Kde | 1 Kde | 2023-12-10 | 5.0 MEDIUM | N/A |
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." | |||||
CVE-2012-3413 | 1 Kde | 1 Kde Pim | 2023-12-10 | 4.3 MEDIUM | N/A |
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | |||||
CVE-2012-4513 | 1 Kde | 1 Kde | 2023-12-10 | 6.4 MEDIUM | N/A |
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | |||||
CVE-2012-4515 | 1 Kde | 1 Kde | 2023-12-10 | 6.8 MEDIUM | N/A |
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. | |||||
CVE-2009-4976 | 2 Kde, Urs Wolfer | 2 Konqueror, Kwebkitpart | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | |||||
CVE-2011-1586 | 1 Kde | 1 Kde Sc | 2023-12-10 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. | |||||
CVE-2011-1168 | 1 Kde | 1 Kde Sc | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. | |||||
CVE-2011-3365 | 1 Kde | 1 Kde Sc | 2023-12-10 | 4.3 MEDIUM | N/A |
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. | |||||
CVE-2010-2575 | 1 Kde | 1 Kde Sc | 2023-12-10 | 6.8 MEDIUM | N/A |
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file. | |||||
CVE-2010-1000 | 1 Kde | 1 Kde Sc | 2023-12-10 | 5.8 MEDIUM | N/A |
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. | |||||
CVE-2010-0923 | 1 Kde | 1 Kde Sc | 2023-12-10 | 6.9 MEDIUM | N/A |
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes. | |||||
CVE-2010-1511 | 1 Kde | 2 Kde Sc, Kget | 2023-12-10 | 6.4 MEDIUM | N/A |
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. | |||||
CVE-2009-4035 | 3 Gnome, Kde, Xpdf | 4 Gpdf, Kdegraphics, Kpdf and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. | |||||
CVE-2011-5054 | 1 Kde | 1 Kcheckpass | 2023-12-10 | 6.9 MEDIUM | N/A |
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | |||||
CVE-2010-0436 | 1 Kde | 1 Kde Sc | 2023-12-10 | 6.9 MEDIUM | N/A |
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. | |||||
CVE-2010-3704 | 4 Foolabs, Glyphandcog, Kde and 1 more | 4 Xpdf, Xpdfreader, Kdegraphics and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | |||||
CVE-2009-3609 | 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more | 6 Xpdf, Pdftops, Xpdfreader and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read. | |||||
CVE-2009-3606 | 4 Foolabs, Glyphandcog, Kde and 1 more | 4 Xpdf, Xpdfreader, Kpdf and 1 more | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. | |||||
CVE-2008-5712 | 1 Kde | 1 Konqueror | 2023-12-10 | 5.0 MEDIUM | N/A |
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. | |||||
CVE-2008-1671 | 1 Kde | 1 Kde | 2023-12-10 | 4.6 MEDIUM | N/A |
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. |