Kde

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2016-7968 1Kde 1Kmail May 6, 2026 Dec 23, 2016 N/A· v4 6.5 MEDIUM· v3 7.5 HIGH· v2 KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
CVE-2016-7967 1Kde 1Kmail May 6, 2026 Dec 23, 2016 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
CVE-2016-7966 4Debian FedoraprojectKde+1 more 4Debian Linux FedoraKmail+1 more May 6, 2026 Dec 23, 2016 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space int...Show more Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.Show less
CVE-2016-7787 2Kde Opensuse 3Kde Cli Tools LeapOpensuse May 6, 2026 Dec 23, 2016 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
CVE-2016-2312 3Fedoraproject KdeOpensuse 4Fedora KscreenlockerLeap+1 more May 6, 2026 Dec 23, 2016 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
CVE-2016-6232 2Canonical Kde 2Karchives Ubuntu Linux May 6, 2026 Aug 2, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff...Show more Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.Show less
CVE-2016-3100 2Kde Opensuse 3Kde Frameworks LeapOpensuse May 6, 2026 Jul 13, 2016 N/A· v4 8.4 HIGH· v3 2.1 LOW· v2 kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by r...Show more kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.Show less
CVE-2015-1308 1Kde 2Kde Workspace Plasma Workspace May 6, 2026 Jan 26, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
CVE-2015-1307 1Kde 1Plasma Workspace May 6, 2026 Jan 26, 2015 N/A· v4 N/A· v3 4.3 MEDIUM· v2 plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.
CVE-2013-7252 1Kde 1Kde Applications May 6, 2026 Jan 18, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
CVE-2014-8600 3Kde OpensuseUrs Wolfer 4Kde Runtime Kio ExtrasKwebkitpart+1 more May 6, 2026 Dec 8, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a c...Show more Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.Show less
CVE-2014-8651 1Kde 2Kde Workspace Plasma Desktop May 6, 2026 Dec 6, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
CVE-2014-5033 3Canonical DebianKde 4Kauth Kde4libsKdelibs+1 more May 6, 2026 Aug 19, 2014 N/A· v4 N/A· v3 6.9 MEDIUM· v2 KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Polkit...Show more KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."Show less
CVE-2014-3494 2Kde Opensuse 2Kdelibs Opensuse May 6, 2026 Jul 1, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an inva...Show more kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.Show less
CVE-2013-2074 1Kde 1Kdelibs Apr 29, 2026 Feb 5, 2014 N/A· v4 N/A· v3 5.0 MEDIUM· v2 kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error me...Show more kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.Show less
CVE-2011-2725 3Canonical KdeOpensuse 4Ark Kde ScOpensuse+1 more Apr 29, 2026 Feb 4, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
CVE-2013-4132 2Kde Opensuse 3Kde Workspace Kde ScOpensuse Apr 29, 2026 Sep 16, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash)...Show more KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass.Show less
CVE-2012-4515 1Kde 1Kde Apr 29, 2026 Nov 11, 2012 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary c...Show more Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.Show less
CVE-2012-4514 1Kde 1Kde Apr 29, 2026 Nov 11, 2012 N/A· v4 N/A· v3 5.0 MEDIUM· v2 rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part....Show more rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."Show less
CVE-2012-4513 1Kde 1Kde Apr 29, 2026 Nov 11, 2012 N/A· v4 N/A· v3 6.4 MEDIUM· v2 khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and...Show more khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.Show less

Previous 1 234 5...10 Next