A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
Max CVSS
4.9
EPSS Score
0.15%
Published
2016-12-23
Updated
2018-10-30
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
Max CVSS
4.7
EPSS Score
0.04%
Published
2007-12-19
Updated
2017-07-29
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
Max CVSS
4.6
EPSS Score
0.04%
Published
2000-01-04
Updated
2008-09-09
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
Max CVSS
4.6
EPSS Score
0.04%
Published
1998-11-18
Updated
2016-10-18
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
Max CVSS
4.6
EPSS Score
0.05%
Published
1998-07-11
Updated
2017-12-19
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-08-02
Updated
2017-12-19
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-12-14
Updated
2017-07-11
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
Max CVSS
4.6
EPSS Score
0.06%
Published
2004-09-28
Updated
2017-07-11
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
Max CVSS
4.6
EPSS Score
0.16%
Published
2005-05-02
Updated
2017-10-11
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-02
Updated
2017-10-11
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
Max CVSS
4.6
EPSS Score
0.07%
Published
2006-07-27
Updated
2017-10-11
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-04-28
Updated
2017-08-08
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
Max CVSS
4.3
EPSS Score
0.49%
Published
2003-12-31
Updated
2017-07-29
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
Max CVSS
4.3
EPSS Score
1.00%
Published
2006-12-20
Updated
2011-03-08
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
Max CVSS
4.3
EPSS Score
95.74%
Published
2007-03-07
Updated
2018-10-16
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
Max CVSS
4.3
EPSS Score
1.11%
Published
2007-08-08
Updated
2018-10-15
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
3.84%
Published
2007-08-08
Updated
2018-10-15
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Max CVSS
4.3
EPSS Score
0.41%
Published
2007-12-28
Updated
2018-10-15
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
1.48%
Published
2008-12-22
Updated
2017-09-29
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Max CVSS
4.3
EPSS Score
4.30%
Published
2009-07-20
Updated
2018-10-10
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
Max CVSS
4.3
EPSS Score
0.45%
Published
2011-04-18
Updated
2023-02-13
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
Max CVSS
4.3
EPSS Score
0.55%
Published
2011-11-29
Updated
2023-02-13
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
Max CVSS
4.3
EPSS Score
0.45%
Published
2012-08-07
Updated
2012-08-08
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
Max CVSS
4.3
EPSS Score
0.11%
Published
2014-07-01
Updated
2018-10-30
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
Max CVSS
4.3
EPSS Score
0.32%
Published
2014-12-08
Updated
2018-10-30
32 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!