Kde Sc

kde_sc

Vendor: Kde • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2011-2725 3Canonical KdeOpensuse 4Ark Kde ScOpensuse+1 more Apr 29, 2026 Feb 4, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVE-2013-4132 2Kde Opensuse 3Kde Workspace Kde ScOpensuse Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash)...Show more KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.Show less
CVE-2011-3365 1Kde 1Kde Sc Apr 29, 2026 Nov 29, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the...Show more The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.Show less
CVE-2011-1586 1Kde 1Kde Sc Apr 29, 2026 Apr 27, 2011 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (d...Show more Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.Show less
CVE-2011-1168 1Kde 1Kde Sc Apr 29, 2026 Apr 18, 2011 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI...Show more Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.Show less
CVE-2010-2575 1Kde 1Kde Sc Apr 29, 2026 Aug 30, 2010 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause...Show more Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.Show less
CVE-2010-1511 1Kde 2Kde Sc Kget Apr 29, 2026 May 17, 2010 N/A· v4 N/A· v3 6.4 MEDIUM· v2 KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
CVE-2010-1000 1Kde 1Kde Sc Apr 29, 2026 May 17, 2010 N/A· v4 N/A· v3 5.8 MEDIUM· v2 Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
CVE-2010-0436 1Kde 1Kde Sc Apr 29, 2026 Apr 15, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a...Show more Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.Show less
CVE-2010-0923 1Kde 1Kde Sc Apr 29, 2026 Mar 3, 2010 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation b...Show more Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.Show less