Filtered by vendor Kde
Subscribe
Total
193 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-1491 | 4 Gentoo, Kde, Opera and 1 more | 4 Linux, Kde, Opera Browser and 1 more | 2023-12-10 | 5.0 MEDIUM | N/A |
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. | |||||
CVE-2001-1197 | 1 Kde | 1 Kdeutils | 2023-12-10 | 4.6 MEDIUM | N/A |
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. | |||||
CVE-2002-2333 | 1 Kde | 1 Kde | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. | |||||
CVE-2004-0746 | 4 Gentoo, Kde, Mandrakesoft and 1 more | 5 Linux, Kde, Konqueror and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||||
CVE-2004-0870 | 1 Kde | 1 Konqueror | 2023-12-10 | 5.0 MEDIUM | N/A |
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
CVE-2002-1306 | 1 Kde | 1 Kde | 2023-12-10 | 7.5 HIGH | N/A |
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. | |||||
CVE-2003-1478 | 1 Kde | 1 Konqueror | 2023-12-10 | 4.3 MEDIUM | N/A |
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm. | |||||
CVE-1999-0735 | 1 Kde | 1 K-mail | 2023-12-10 | 4.6 MEDIUM | N/A |
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories. | |||||
CVE-1999-1096 | 1 Kde | 1 Kde | 2023-12-10 | 7.2 HIGH | N/A |
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. | |||||
CVE-2003-0690 | 1 Kde | 1 Kde | 2023-12-10 | 10.0 HIGH | N/A |
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. | |||||
CVE-2003-0204 | 1 Kde | 1 Kde | 2023-12-10 | 7.5 HIGH | N/A |
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | |||||
CVE-2000-0371 | 1 Kde | 1 Kde | 2023-12-10 | 1.2 LOW | N/A |
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. | |||||
CVE-2001-0782 | 1 Kde | 1 Ktv | 2023-12-10 | 7.2 HIGH | N/A |
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | |||||
CVE-2003-0592 | 1 Kde | 2 Konqueror, Konqueror Embedded | 2023-12-10 | 7.5 HIGH | N/A |
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. | |||||
CVE-2002-0342 | 1 Kde | 1 K-mail | 2023-12-10 | 5.0 MEDIUM | N/A |
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. | |||||
CVE-2004-0866 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2023-12-10 | 7.5 HIGH | N/A |
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||||
CVE-2000-0918 | 1 Kde | 1 Kvt | 2023-12-10 | 7.2 HIGH | N/A |
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters. | |||||
CVE-2000-0481 | 1 Kde | 1 K-mail | 2023-12-10 | 5.0 MEDIUM | N/A |
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name. | |||||
CVE-2000-0530 | 2 Caldera, Kde | 2 Openlinux, Kde | 2023-12-10 | 7.2 HIGH | N/A |
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. | |||||
CVE-2002-0227 | 2 Kde, Kicq | 2 Kde, Kicq | 2023-12-10 | 5.0 MEDIUM | N/A |
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. |