← Back

Kde

kde

191 CVEs • 56 products

Products (56)

Click to collapse
Toggle
Kde
kde
66 CVEs
Konqueror
konqueror
33 CVEs
Kde Sc
kde_sc
10 CVEs
Kmail
kmail
10 CVEs
Koffice
koffice
9 CVEs
Kdelibs
kdelibs
8 CVEs
Kpdf
kpdf
8 CVEs
Plasma Workspace
plasma-workspace
7 CVEs
Kdegraphics
kdegraphics
6 CVEs
K Mail
k-mail
5 CVEs
Konqueror Embedded
konqueror_embedded
4 CVEs
Kde Workspace
kde-workspace
4 CVEs
Ark
ark
4 CVEs
Kword
kword
3 CVEs
Kauth
kauth
3 CVEs
Kde Applications
kde_applications
3 CVEs
Kvt
kvt
2 CVEs
Kmplayer
kmplayer
2 CVEs
Kio Extras
kio-extras
2 CVEs
Messagelib
messagelib
2 CVEs
Ktexteditor
ktexteditor
2 CVEs
Trojita
trojita
2 CVEs
Okular
okular
2 CVEs
Paste Applet
paste_applet
2 CVEs
Ktv
ktv
1 CVE
Kdeutils
kdeutils
1 CVE
Klisa
klisa
1 CVE
Kopete
kopete
1 CVE
Quanta
quanta
1 CVE
Dcopserver
dcopserver
1 CVE
Desktop Communication Protocol Daemon
desktop_communication_protocol_daemon
1 CVE
Arts
arts
1 CVE
Kdebase
kdebase
1 CVE
Libkhtml
libkhtml
1 CVE
Ksirc
ksirc
1 CVE
Kget
kget
1 CVE
Kcheckpass
kcheckpass
1 CVE
Kde Pim
kde_pim
1 CVE
Plasma Desktop
plasma-desktop
1 CVE
Kde Runtime
kde-runtime
1 CVE
Kde Frameworks
kde_frameworks
1 CVE
Karchives
karchives
1 CVE
Kscreenlocker
kscreenlocker
1 CVE
Kde Cli Tools
kde-cli-tools
1 CVE
Kio
kio
1 CVE
Plasma
plasma
1 CVE
Kconfig
kconfig
1 CVE
Amarok
amarok
1 CVE
Kdeconnect
kdeconnect
1 CVE
Partition Manager
partition_manager
1 CVE
Discover
discover
1 CVE
Kimageformats
kimageformats
1 CVE
Kate
kate
1 CVE
Kcron
kcron
1 CVE
Kde Beta 3
kde_beta_3
1 CVE
Kcoreaddons
kcoreaddons
1 CVE

CVEs (191)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2005-0404
2Kde
Kmail
2Kde
Kmail
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
CVE-2005-0396
1Kde
2Dcopserver
Desktop Communication Protocol Daemon
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."
CVE-2005-0365
1Kde
1Kde
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2005-0237
1Kde
2Kde
Konqueror
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that us...Show more
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.Show less
CVE-2005-0205
2Bernd Wuebben
Kde
2Kde
Kppp
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
4.6 MEDIUM· v2
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/...Show more
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.Show less
CVE-2005-0078
3Debian
KdeRedhat
5Debian Linux
Enterprise LinuxEnterprise Linux Desktop+2 more
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
4.6 MEDIUM· v2
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
CVE-2005-0011
1Kde
1Kde
Apr 16, 2026
May 2, 2005
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execu...Show more
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.Show less
CVE-2005-0206
15Ascii
CstexDebian+12 more
22Advanced Linux Environment
CstetexCups+19 more
Apr 16, 2026
Apr 27, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the origin...Show more
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.Show less
CVE-2005-0754
5Conectiva
GentooKde+2 more
6Fedora Core
KdeLinux+3 more
Apr 16, 2026
Apr 22, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVE-2004-0889
11Debian
Easy Software ProductsGentoo+8 more
16Cups
Debian LinuxEnterprise Linux+13 more
Apr 16, 2026
Jan 27, 2005
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilit...Show more
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.Show less
CVE-2004-0888
11Debian
Easy Software ProductsGentoo+8 more
16Cups
Debian LinuxEnterprise Linux+13 more
Apr 16, 2026
Jan 27, 2005
N/A· v4
N/A· v3
10.0 HIGH· v2
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code,...Show more
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.Show less
CVE-2004-0886
9Apple
KdeLibtiff+6 more
13Enterprise Linux
Enterprise Linux DesktopFedora Core+10 more
Apr 16, 2026
Jan 27, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVE-2004-1171
3Kde
MandrakesoftRedhat
3Fedora Core
KdeMandrake Linux
Apr 16, 2026
Jan 10, 2005
N/A· v4
N/A· v3
2.1 LOW· v2
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which m...Show more
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.Show less
CVE-2004-1165
1Kde
2Kdelibs
Konqueror
Apr 16, 2026
Jan 10, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting...Show more
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.Show less
CVE-2004-1158
3Kde
MandrakesoftRedhat
3Fedora Core
KonquerorMandrake Linux
Apr 16, 2026
Jan 10, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a differe...Show more
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.Show less
CVE-2004-1125
3Easy Software Products
KdeXpdf
3Cups
KdeXpdf
Apr 16, 2026
Jan 10, 2005
N/A· v4
N/A· v3
9.3 HIGH· v2
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of s...Show more
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.Show less
CVE-2004-1491
4Gentoo
KdeOpera+1 more
4Kde
LinuxOpera Browser+1 more
Apr 16, 2026
Dec 31, 2004
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVE-2004-0867
4Kde
MicrosoftMozilla+1 more
5Firefox
IeInternet Explorer+2 more
Apr 16, 2026
Dec 23, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a us...Show more
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.Show less
CVE-2004-0803
9Apple
KdeLibtiff+6 more
13Enterprise Linux
Enterprise Linux DesktopFedora Core+10 more
Apr 16, 2026
Dec 23, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVE-2004-0746
4Gentoo
KdeMandrakesoft+1 more
5Kde
KonquerorLinux+2 more
Apr 16, 2026
Oct 20, 2004
N/A· v4
N/A· v3
7.5 HIGH· v2
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack an...Show more
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.Show less