Kde

kde

Vendor: Kde • 66 CVEs

CVEs (66)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-0205 2Bernd Wuebben Kde 2Kde Kppp Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/...Show more KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.Show less
CVE-2005-0078 3Debian KdeRedhat 5Debian Linux Enterprise LinuxEnterprise Linux Desktop+2 more Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
CVE-2005-0011 1Kde 1Kde Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execu...Show more Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.Show less
CVE-2005-0206 15Ascii CstexDebian+12 more 22Advanced Linux Environment CstetexCups+19 more Apr 16, 2026 Apr 27, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the origin...Show more The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.Show less
CVE-2005-0754 5Conectiva GentooKde+2 more 6Fedora Core KdeLinux+3 more Apr 16, 2026 Apr 22, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVE-2004-0889 11Debian Easy Software ProductsGentoo+8 more 16Cups Debian LinuxEnterprise Linux+13 more Apr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilit...Show more Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.Show less
CVE-2004-0888 11Debian Easy Software ProductsGentoo+8 more 16Cups Debian LinuxEnterprise Linux+13 more Apr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code,...Show more Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.Show less
CVE-2004-0886 9Apple KdeLibtiff+6 more 13Enterprise Linux Enterprise Linux DesktopFedora Core+10 more Apr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVE-2004-1171 3Kde MandrakesoftRedhat 3Fedora Core KdeMandrake Linux Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which m...Show more KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.Show less
CVE-2004-1125 3Easy Software Products KdeXpdf 3Cups KdeXpdf Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of s...Show more Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.Show less
CVE-2004-1491 4Gentoo KdeOpera+1 more 4Kde LinuxOpera Browser+1 more Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVE-2004-0803 9Apple KdeLibtiff+6 more 13Enterprise Linux Enterprise Linux DesktopFedora Core+10 more Apr 16, 2026 Dec 23, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVE-2004-0746 4Gentoo KdeMandrakesoft+1 more 5Kde KonquerorLinux+2 more Apr 16, 2026 Oct 20, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack an...Show more Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.Show less
CVE-2004-0690 1Kde 1Kde Apr 16, 2026 Sep 28, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
CVE-2004-0689 2Debian Kde 2Debian Linux Kde Apr 16, 2026 Sep 28, 2004 N/A· v4 7.1 HIGH· v3 4.6 MEDIUM· v2 KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVE-2003-0988 1Kde 1Kde Apr 16, 2026 Feb 17, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
CVE-2003-0692 1Kde 1Kde Apr 16, 2026 Oct 6, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user...Show more KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.Show less
CVE-2003-0690 1Kde 1Kde Apr 16, 2026 Oct 6, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain...Show more KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.Show less
CVE-2003-0370 4Apple KdeRedhat+1 more 6Kde Konqueror EmbeddedLinux+3 more Apr 16, 2026 Jun 16, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVE-2003-0204 1Kde 1Kde Apr 16, 2026 May 5, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Gho...Show more KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.Show less

Previous 123 4 Next