KDE : Security Vulnerabilities, CVEs, (Bypass) CVSS score >= 8
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
Max CVSS
8.1
EPSS Score
0.11%
Published
2016-12-23
Updated
2016-12-27
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
Max CVSS
8.4
EPSS Score
0.23%
Published
2020-02-11
Updated
2020-02-21
2 vulnerabilities found