CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

KDE : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-28117 2021-03-20 2021-04-01
5.0
None Remote Low Not required None Partial None
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
2 CVE-2020-27187 77 Exec Code +Priv 2020-10-26 2020-11-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.
3 CVE-2020-26164 400 DoS 2020-10-07 2021-01-26
4.9
None Local Low Not required None None Complete
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
4 CVE-2020-24654 59 2020-09-02 2021-01-11
4.3
None Remote Medium Not required None Partial None
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
5 CVE-2020-16116 22 Dir. Trav. 2020-08-03 2020-08-24
4.3
None Remote Medium Not required None Partial None
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
6 CVE-2020-15954 319 2020-07-27 2020-07-30
4.3
None Remote Medium Not required Partial None None
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
7 CVE-2020-13152 400 DoS 2020-05-20 2020-11-05
4.3
None Remote Medium Not required None None Partial
A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continue to waste resources over time, eventually allows attackers to cause a denial of service.
8 CVE-2020-12755 200 +Info 2020-05-09 2020-05-13
2.1
None Local Low Not required Partial None None
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
9 CVE-2020-11880 2020-04-17 2020-04-29
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
10 CVE-2020-9359 20 Exec Code 2020-03-24 2020-07-27
6.8
None Remote Medium Not required Partial Partial Partial
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
11 CVE-2019-14744 78 Exec Code 2019-08-07 2020-08-24
5.1
None Remote High Not required Partial Partial Partial
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
12 CVE-2019-10732 2019-04-07 2019-06-18
4.3
None Remote Medium Not required None Partial None
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
13 CVE-2019-7443 20 2019-05-07 2019-05-10
9.3
None Remote Medium Not required Complete Complete Complete
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
14 CVE-2018-1000801 22 Dir. Trav. 2018-09-06 2019-03-20
4.3
None Remote Medium Not required None Partial None
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appear to be exploitable via he victim must open a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1
15 CVE-2018-19516 20 2020-03-12 2020-03-18
5.0
None Remote Low Not required Partial None None
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
16 CVE-2018-19120 200 +Info 2018-11-29 2019-01-31
5.0
None Remote Low Not required Partial None None
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
17 CVE-2018-10380 59 2018-05-08 2018-06-12
7.2
None Local Low Not required Complete Complete Complete
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
18 CVE-2018-10361 668 +Priv 2018-04-25 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by a another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.
19 CVE-2018-6791 78 Exec Code 2018-02-07 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
20 CVE-2018-6790 200 +Info 2018-02-07 2019-08-06
5.0
None Remote Low Not required Partial None None
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
21 CVE-2017-17689 2018-05-16 2019-10-03
4.3
None Remote Medium Not required Partial None None
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
22 CVE-2017-8422 290 +Priv 2017-05-17 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
23 CVE-2017-6410 319 +Info 2017-03-02 2019-10-03
4.3
None Remote Medium Not required Partial None None
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
24 CVE-2017-5330 78 Exec Code 2017-03-27 2017-03-31
6.8
None Remote Medium Not required Partial Partial Partial
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
25 CVE-2016-7968 94 Exec Code 2016-12-23 2016-12-27
7.5
None Remote Low Not required Partial Partial Partial
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
26 CVE-2016-7967 94 2016-12-23 2016-12-27
5.8
None Remote Medium Not required Partial Partial None
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
27 CVE-2016-7966 94 2016-12-23 2016-12-27
7.5
None Remote Low Not required Partial Partial Partial
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.
28 CVE-2016-7787 94 Exec Code 2016-12-23 2018-10-30
4.0
None Remote Low ??? None Partial None
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
29 CVE-2016-6232 22 Dir. Trav. 2016-08-02 2016-11-28
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
30 CVE-2016-3100 200 +Priv +Info 2016-07-13 2018-10-30
2.1
None Local Low Not required Partial None None
kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
31 CVE-2016-2312 254 2016-12-23 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
32 CVE-2015-7543 362 2017-07-25 2017-07-31
4.4
None Local Medium Not required Partial Partial Partial
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
33 CVE-2015-1308 200 +Info 2015-01-26 2015-01-26
4.3
None Remote Medium Not required Partial None None
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
34 CVE-2015-1307 284 2015-01-26 2015-01-26
4.3
None Remote Medium Not required Partial None None
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.
35 CVE-2014-8878 310 +Info 2017-09-28 2017-10-06
4.3
None Remote Medium Not required Partial None None
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
36 CVE-2014-8651 264 +Priv 2014-12-06 2016-12-07
7.2
None Local Low Not required Complete Complete Complete
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
37 CVE-2014-8600 79 XSS 2014-12-08 2018-10-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
38 CVE-2014-5033 362 Bypass 2014-08-19 2014-10-16
6.9
None Local Medium Not required Complete Complete Complete
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
39 CVE-2014-3494 200 +Info 2014-07-01 2018-10-30
4.3
None Remote Medium Not required Partial None None
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
40 CVE-2013-7252 310 2015-01-18 2016-08-02
5.0
None Remote Low Not required Partial None None
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
41 CVE-2013-4133 404 2019-12-10 2019-12-17
7.8
None Remote Low Not required None None Complete
kde-workspace before 4.10.5 has a memory leak in plasma desktop
42 CVE-2013-4132 310 DoS 2013-09-16 2018-10-30
5.0
None Remote Low Not required None None Partial
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.
43 CVE-2013-2213 327 2020-02-11 2020-02-24
2.1
None Local Low Not required None Partial None
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
44 CVE-2013-2120 287 Bypass 2020-02-11 2020-02-21
2.1
None Local Low Not required Partial None None
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
45 CVE-2013-2074 200 +Info 2014-02-05 2014-02-25
5.0
None Remote Low Not required Partial None None
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
46 CVE-2012-4515 399 DoS Exec Code 2012-11-11 2012-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
47 CVE-2012-4514 DoS 2012-11-11 2012-11-12
5.0
None Remote Low Not required None None Partial
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
48 CVE-2012-4513 119 DoS Overflow 2012-11-11 2012-11-12
6.4
None Remote Low Not required Partial None Partial
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
49 CVE-2012-4512 843 DoS 2020-02-08 2020-02-14
6.8
None Remote Medium Not required Partial Partial Partial
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
50 CVE-2012-3455 119 DoS Exec Code Overflow 2012-08-20 2017-08-29
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Total number of vulnerabilities : 179   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.