KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | k-mail | * |
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 6.2 |
| linux | linux_kernel | 2.6.20.1 |
| kde | kde | 1.0 |
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 6.2 |
| linux | linux_kernel | 2.6.20.1 |
| kde | kde | 1.0 |
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 6.2 |
| linux | linux_kernel | 2.6.20.1 |
| kde | kde | 1.0 |
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 1.0 |
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | * |
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 1.0 |
KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | * |
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | * |
Screen savers in KDE beta 3 allow local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_beta_3 | initial |
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 1.0 |
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 1.1.1 |
| kde | kde | 1.1 |
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kvt | * |
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 1.2 |
| kde | kde | 1.1.1 |
| kde | kde | 1.1 |
| kde | kde | 2.0_beta |
Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 1.2 |
| kde | kde | 1.1.1 |
| kde | kde | 1.1 |
| kde | kde | 1.1.2 |
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | k-mail | 1.0.29 |
| kde | k-mail | 1.0.29.1 |
| kde | k-mail | 1.0.27 |
| kde | k-mail | 1.0.23 |
| kde | k-mail | 1.0.28 |
| kde | k-mail | 1.0.24 |
| kde | k-mail | 1.0.25 |
| kde | k-mail | 1.0.26 |
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| caldera | openlinux | 2.4 |
| kde | kde | 1.1.2 |
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kvt | 1.1.2 |
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 1.x |
| suse | suse_linux | 7.0 |
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | ktv | * |
klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kdeutils | 2.2 |
| kde | kdeutils | 2.2.2 |
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 2.1.2 |
| kicq | kicq | 2.0.0b1 |
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | k-mail | 1.2 |
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.1 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 2.2.2 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0 |
| kde | konqueror | 3.0.2 |
| kde | kde | 3.0.2 |
| kde | konqueror | 3.0 |
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 2.2.2 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0 |
| kde | konqueror | 3.0.2 |
| kde | kde | 3.0.2 |
| kde | konqueror | 3.0 |
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.1 |
| kde | kde | 3.0 |
| kde | kde | 3.0.2 |
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3a |
| kde | kde | 1.1 |
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | kde | 3.0.3a |
| kde | kde | 3.0.2 |
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | kde | 2.0 |
| kde | klisa | 2.2.2 |
| kde | kde | 3.0.4 |
| kde | kde | 2.2 |
| kde | kde | 3.0 |
| lisa | lisa | 0.1.2 |
| kde | kde | 3.0.3a |
| lisa | lisa | 0.1 |
| kde | kde | 3.0.2 |
| kde | kde | 2.1 |
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | kde | 2.1.2 |
| kde | kde | 3.0.4 |
| kde | kde | 2.2 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0 |
| kde | kde | 3.0.2 |
| kde | kde | 2.1.1 |
| kde | kde | 2.1 |
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | kde | 2.1.2 |
| kde | kde | 3.0.4 |
| kde | kde | 2.2 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0 |
| kde | kde | 3.0.2 |
| kde | kde | 2.1.1 |
| kde | kde | 2.1 |
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | kde | 2.1.2 |
| kde | kde | 2.2 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0 |
| kde | kde | 3.0.2 |
| kde | kde | 2.1.1 |
| kde | kde | 2.1 |
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | kde | 2.0 |
| kde | kde | 3.0.5 |
| kde | kde | 3.0.4 |
| kde | kde | 2.2 |
| kde | kde | 3.0 |
| kde | kde | 2.1.1 |
| kde | kde | 2.0.1 |
| kde | kde | 3.0.3a |
| kde | kde | 2.1.2 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0.2 |
| kde | kde | 2.1 |
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 2.1.2 |
| kde | kde | 2.2 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0 |
| kde | kde | 3.0.2 |
| kde | kde | 2.1.1 |
| kde | kde | 2.1 |
KDE 2 and KDE 3.1.1 and earlier 3.x versions allow attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 3.0.1 |
| kde | kde | 2.0 |
| kde | kde | 3.0.5a |
| kde | kde | 3.0.5 |
| kde | kde | 3.1.1 |
| kde | kde | 3.0.4 |
| kde | kde | 2.2 |
| kde | kde | 3.0 |
| kde | kde | 3.1 |
| kde | kde | 2.1.1 |
| kde | kde | 2.0.1 |
| kde | kde | 3.0.3a |
| kde | kde | 2.1.2 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0.2 |
| kde | kde | 2.1 |
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kopete | 0.6.1 |
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror_embedded | * |
| apple | safari | 1.0 |
Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | * |
| redhat | linux | 7.2 |
| turbolinux | turbolinux_workstation | 7.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| turbolinux | turbolinux_server | 8.0 |
| turbolinux | turbolinux_server | 7.0 |
| redhat | linux | 7.1 |
| apple | safari | 1.0 |
| kde | konqueror_embedded | 0.1 |
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | kdelibs_sound | 2.1.1-5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.0.2 |
| redhat | kdelibs_sound_devel | 2.1.1-5 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1.2 |
| redhat | kdelibs_devel | 3.0.3-8 |
| redhat | analog_real-time_synthesizer | 2.2-11 |
| redhat | kdebase | 3.0.3-13 |
| kde | konqueror | 2.2.2 |
| redhat | kdelibs_sound_devel | 2.2-11 |
| kde | konqueror | 3.1 |
| kde | konqueror | 3.1.1 |
| redhat | kdelibs_devel | 2.2-11 |
| kde | konqueror | 2.1.1 |
| redhat | kdelibs | 2.2-11 |
| kde | konqueror | 3.0.1 |
| redhat | kdelibs | 3.1-10 |
| redhat | analog_real-time_synthesizer | 2.1.1-5 |
| redhat | kdelibs | 2.1.1-5 |
| kde | konqueror_embedded | 0.1 |
| redhat | kdelibs_sound | 2.2-11 |
| redhat | kdelibs_devel | 3.1-10 |
| redhat | kdelibs | 3.0.0-10 |
| redhat | kdelibs_devel | 2.1.1-5 |
| redhat | kdelibs_devel | 3.0.0-10 |
| kde | konqueror | 3.0 |
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1 |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 3.1.2 |
| kde | konqueror | 2.1.1 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 3.0.2 |
| kde | konqueror_embedded | 0.1 |
| kde | konqueror | 3.0 |
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 2.0 |
| kde | kde | 3.0.5a |
| kde | kde | 3.1.1 |
| kde | kde | 3.0.4 |
| kde | kde | 3.0.5b |
| kde | kde | 3.0 |
| kde | kde | 3.1 |
| kde | kde | 2.0_beta |
| kde | kde | 1.1.2 |
| kde | kde | 1.1.1 |
| kde | kde | 3.0.3a |
| kde | kde | 2.1.2 |
| kde | kde | 2.1 |
| kde | kde | 3.1.2 |
| kde | kde | 3.0.1 |
| kde | kde | 3.0.5 |
| kde | kde | 2.2 |
| kde | kde | 3.1.1a |
| kde | kde | 1.1 |
| kde | kde | 2.1.1 |
| kde | kde | 2.0.1 |
| kde | kde | 1.2 |
| kde | kde | 3.1.3 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0.2 |
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 2.0 |
| kde | kde | 3.0.5a |
| kde | kde | 3.1.1 |
| kde | kde | 3.0.4 |
| kde | kde | 3.0.5b |
| kde | kde | 3.0 |
| kde | kde | 3.1 |
| kde | kde | 2.0_beta |
| kde | kde | 1.1.2 |
| kde | kde | 1.1.1 |
| kde | kde | 3.0.3a |
| kde | kde | 2.1.2 |
| kde | kde | 2.1 |
| kde | kde | 3.1.2 |
| kde | kde | 3.0.1 |
| kde | kde | 3.0.5 |
| kde | kde | 2.2 |
| kde | kde | 3.1.1a |
| kde | kde | 1.1 |
| kde | kde | 2.1.1 |
| kde | kde | 2.0.1 |
| kde | kde | 1.2 |
| kde | kde | 3.1.3 |
| kde | kde | 2.2.1 |
| kde | kde | 2.2.2 |
| kde | kde | 3.0.2 |
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.1.3 |
| kde | kde | 3.1.1 |
| kde | kde | 3.1.0 |
| kde | kde | 3.1.2 |
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.0.3 |
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-88
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | * |
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.1 |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 2.1.1 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1.2 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 3.0 |
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | 1.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 3.0 |
| kde | kde | * |
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.2.1 |
Konqueror 3.1.3, 3.2.2, and possibly other versions do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.2.2 |
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| kde | konqueror | 3.1 |
| kde | konqueror | 3.0.5b |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.3 |
| suse | suse_linux | 8.2 |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 3.0.5 |
| suse | suse_linux | 9.1 |
| kde | konqueror | 3.1.2 |
| kde | kde | 3.1.3 |
| kde | kde | 3.2 |
| kde | konqueror | 3.1.3 |
| mandrakesoft | mandrake_linux | 10.0 |
| suse | suse_linux | 9.0 |
| mandrakesoft | mandrake_linux | 9.2 |
| suse | suse_linux | 8 |
| gentoo | linux | 1.4 |
| kde | konqueror | 3.0 |
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| redhat | enterprise_linux | 3.0 |
| libtiff | libtiff | 3.5.5 |
| libtiff | libtiff | 3.6.0 |
| apple | mac_os_x_server | 10.2 |
| apple | mac_os_x | 10.2.7 |
| kde | kde | 3.2.1 |
| apple | mac_os_x | 10.2.4 |
| kde | kde | 3.2 |
| apple | mac_os_x_server | 10.3 |
| trustix | secure_linux | 2.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| libtiff | libtiff | 3.6.1 |
| kde | kde | 3.3 |
| suse | suse_linux | 1.0 |
| libtiff | libtiff | 3.5.4 |
| apple | mac_os_x_server | 10.2.5 |
| apple | mac_os_x_server | 10.3.3 |
| apple | mac_os_x_server | 10.3.5 |
| apple | mac_os_x | 10.2 |
| libtiff | libtiff | 3.4 |
| apple | mac_os_x | 10.2.3 |
| apple | mac_os_x | 10.3.5 |
| apple | mac_os_x | 10.2.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.2.3 |
| apple | mac_os_x | 10.2.5 |
| apple | mac_os_x | 10.3.1 |
| apple | mac_os_x_server | 10.3.6 |
| apple | mac_os_x_server | 10.2.4 |
| apple | mac_os_x_server | 10.2.8 |
| apple | mac_os_x | 10.3.6 |
| apple | mac_os_x | 10.3.2 |
| apple | mac_os_x | 10.3.3 |
| pdflib | pdf_library | 5.0.2 |
| apple | mac_os_x | 10.3 |
| apple | mac_os_x_server | 10.3.2 |
| apple | mac_os_x | 10.3.4 |
| libtiff | libtiff | 3.5.7 |
| kde | kde | 3.2.2 |
| suse | suse_linux | 9.1 |
| apple | mac_os_x_server | 10.2.6 |
| trustix | secure_linux | 2.0 |
| apple | mac_os_x | 10.2.1 |
| kde | kde | 3.3.1 |
| apple | mac_os_x_server | 10.3.1 |
| trustix | secure_linux | 1.5 |
| apple | mac_os_x_server | 10.3.4 |
| apple | mac_os_x_server | 10.2.1 |
| apple | mac_os_x_server | 10.2.2 |
| suse | suse_linux | 8.2 |
| libtiff | libtiff | 3.5.2 |
| apple | mac_os_x | 10.2.6 |
| apple | mac_os_x | 10.2.8 |
| wxgtk2 | wxgtk2 | 2.5_.0 |
| apple | mac_os_x_server | 10.2.3 |
| libtiff | libtiff | 3.5.1 |
| redhat | enterprise_linux | 2.1 |
| apple | mac_os_x_server | 10.2.7 |
| libtiff | libtiff | 3.5.3 |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_2.0 |
| suse | suse_linux | 8 |
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| kde | konqueror | 3.0.5b |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.3 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 2.2.1 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1.2 |
| microsoft | internet_explorer | 6.0 |
| mozilla | firefox | 0.9.2 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 3.1 |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 2.1.1 |
| suse | suse_linux | 1.0 |
| kde | konqueror | 3.0.1 |
| suse | suse_linux | 8.2 |
| microsoft | ie | 6.0 |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.1.4 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 8 |
| kde | konqueror | 2.1.2 |
| kde | konqueror | 3.0 |
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| kde | konqueror | 3.0.5b |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.3 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 2.2.1 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1.2 |
| microsoft | internet_explorer | 6.0 |
| mozilla | firefox | 0.9.2 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 3.1 |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 2.1.1 |
| suse | suse_linux | 1.0 |
| kde | konqueror | 3.0.1 |
| suse | suse_linux | 8.2 |
| microsoft | ie | 6.0 |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.1.4 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 8 |
| kde | konqueror | 2.1.2 |
| kde | konqueror | 3.0 |
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.1 |
| kde | konqueror | 3.0.5b |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 2.1.1 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.3 |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 2.2.1 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1.2 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.1.4 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 2.1.2 |
| kde | konqueror | 3.0 |
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| redhat | enterprise_linux | 3.0 |
| libtiff | libtiff | 3.5.5 |
| libtiff | libtiff | 3.6.0 |
| apple | mac_os_x_server | 10.2 |
| apple | mac_os_x | 10.2.7 |
| kde | kde | 3.2.1 |
| apple | mac_os_x | 10.2.4 |
| kde | kde | 3.2 |
| apple | mac_os_x_server | 10.3 |
| trustix | secure_linux | 2.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| libtiff | libtiff | 3.6.1 |
| kde | kde | 3.3 |
| suse | suse_linux | 1.0 |
| libtiff | libtiff | 3.5.4 |
| apple | mac_os_x_server | 10.2.5 |
| apple | mac_os_x_server | 10.3.3 |
| apple | mac_os_x_server | 10.3.5 |
| apple | mac_os_x | 10.2 |
| libtiff | libtiff | 3.4 |
| apple | mac_os_x | 10.2.3 |
| apple | mac_os_x | 10.3.5 |
| apple | mac_os_x | 10.2.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.2.3 |
| apple | mac_os_x | 10.2.5 |
| apple | mac_os_x | 10.3.1 |
| apple | mac_os_x_server | 10.3.6 |
| apple | mac_os_x_server | 10.2.4 |
| apple | mac_os_x_server | 10.2.8 |
| apple | mac_os_x | 10.3.6 |
| apple | mac_os_x | 10.3.2 |
| wxgtk2 | wxgtk2 | * |
| apple | mac_os_x | 10.3.3 |
| pdflib | pdf_library | 5.0.2 |
| apple | mac_os_x | 10.3 |
| apple | mac_os_x_server | 10.3.2 |
| apple | mac_os_x | 10.3.4 |
| libtiff | libtiff | 3.5.7 |
| kde | kde | 3.2.2 |
| suse | suse_linux | 9.1 |
| apple | mac_os_x_server | 10.2.6 |
| trustix | secure_linux | 2.0 |
| apple | mac_os_x | 10.2.1 |
| kde | kde | 3.3.1 |
| apple | mac_os_x_server | 10.3.1 |
| trustix | secure_linux | 1.5 |
| apple | mac_os_x_server | 10.3.4 |
| apple | mac_os_x_server | 10.2.1 |
| apple | mac_os_x_server | 10.2.2 |
| suse | suse_linux | 8.2 |
| libtiff | libtiff | 3.5.2 |
| apple | mac_os_x | 10.2.6 |
| apple | mac_os_x | 10.2.8 |
| wxgtk2 | wxgtk2 | 2.5_.0 |
| apple | mac_os_x_server | 10.2.3 |
| libtiff | libtiff | 3.5.1 |
| redhat | enterprise_linux | 2.1 |
| apple | mac_os_x_server | 10.2.7 |
| libtiff | libtiff | 3.5.3 |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_2.0 |
| suse | suse_linux | 8 |
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| easy_software_products | cups | 1.1.13 |
| kde | koffice | 1.3_beta3 |
| suse | suse_linux | 8.0 |
| kde | koffice | 1.3.2 |
| redhat | enterprise_linux | 3.0 |
| ubuntu | ubuntu_linux | 4.1 |
| kde | kde | 3.2.1 |
| xpdf | xpdf | 1.1 |
| easy_software_products | cups | 1.1.19 |
| xpdf | xpdf | 0.92 |
| kde | kde | 3.2 |
| xpdf | xpdf | 2.0 |
| kde | kpdf | 3.2 |
| gnome | gpdf | 0.131 |
| easy_software_products | cups | 1.1.16 |
| kde | kde | 3.3 |
| easy_software_products | cups | 1.1.20 |
| kde | koffice | 1.3_beta1 |
| easy_software_products | cups | 1.1.14 |
| easy_software_products | cups | 1.1.7 |
| pdftohtml | pdftohtml | 0.34 |
| easy_software_products | cups | 1.1.18 |
| easy_software_products | cups | 1.1.19_rc5 |
| suse | suse_linux | 9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| easy_software_products | cups | 1.1.17 |
| kde | koffice | 1.3.1 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.2.3 |
| xpdf | xpdf | 0.93 |
| easy_software_products | cups | 1.1.12 |
| pdftohtml | pdftohtml | 0.36 |
| pdftohtml | pdftohtml | 0.33 |
| xpdf | xpdf | 0.91 |
| xpdf | xpdf | 2.1 |
| kde | koffice | 1.3 |
| kde | koffice | 1.3.3 |
| tetex | tetex | 2.0.2 |
| gnome | gpdf | 0.112 |
| pdftohtml | pdftohtml | 0.35 |
| gentoo | linux | * |
| easy_software_products | cups | 1.0.4 |
| easy_software_products | cups | 1.1.4_5 |
| xpdf | xpdf | 2.3 |
| tetex | tetex | 1.0.7 |
| easy_software_products | cups | 1.1.1 |
| kde | kde | 3.2.2 |
| suse | suse_linux | 9.1 |
| pdftohtml | pdftohtml | 0.32a |
| xpdf | xpdf | 3.0 |
| easy_software_products | cups | 1.1.15 |
| pdftohtml | pdftohtml | 0.33a |
| kde | kde | 3.3.1 |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.0.4_8 |
| easy_software_products | cups | 1.1.6 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 8.2 |
| debian | debian_linux | 3.0 |
| easy_software_products | cups | 1.1.4 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 1.0a |
| redhat | enterprise_linux | 2.1 |
| kde | koffice | 1.3_beta2 |
| easy_software_products | cups | 1.1.4_2 |
| pdftohtml | pdftohtml | 0.32b |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_2.0 |
| easy_software_products | cups | 1.1.10 |
| xpdf | xpdf | 1.0 |
| xpdf | xpdf | 0.90 |
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| easy_software_products | cups | 1.1.13 |
| kde | koffice | 1.3_beta3 |
| suse | suse_linux | 8.0 |
| kde | koffice | 1.3.2 |
| redhat | enterprise_linux | 3.0 |
| ubuntu | ubuntu_linux | 4.1 |
| kde | kde | 3.2.1 |
| xpdf | xpdf | 1.1 |
| easy_software_products | cups | 1.1.19 |
| xpdf | xpdf | 0.92 |
| kde | kde | 3.2 |
| xpdf | xpdf | 2.0 |
| kde | kpdf | 3.2 |
| gnome | gpdf | 0.131 |
| easy_software_products | cups | 1.1.16 |
| kde | kde | 3.3 |
| easy_software_products | cups | 1.1.20 |
| kde | koffice | 1.3_beta1 |
| easy_software_products | cups | 1.1.14 |
| easy_software_products | cups | 1.1.7 |
| pdftohtml | pdftohtml | 0.34 |
| easy_software_products | cups | 1.1.18 |
| easy_software_products | cups | 1.1.19_rc5 |
| suse | suse_linux | 9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| easy_software_products | cups | 1.1.17 |
| kde | koffice | 1.3.1 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.2.3 |
| xpdf | xpdf | 0.93 |
| easy_software_products | cups | 1.1.12 |
| pdftohtml | pdftohtml | 0.36 |
| pdftohtml | pdftohtml | 0.33 |
| xpdf | xpdf | 0.91 |
| xpdf | xpdf | 2.1 |
| kde | koffice | 1.3 |
| kde | koffice | 1.3.3 |
| tetex | tetex | 2.0.2 |
| gnome | gpdf | 0.112 |
| pdftohtml | pdftohtml | 0.35 |
| gentoo | linux | * |
| easy_software_products | cups | 1.0.4 |
| easy_software_products | cups | 1.1.4_5 |
| xpdf | xpdf | 2.3 |
| tetex | tetex | 1.0.7 |
| easy_software_products | cups | 1.1.1 |
| kde | kde | 3.2.2 |
| suse | suse_linux | 9.1 |
| pdftohtml | pdftohtml | 0.32a |
| xpdf | xpdf | 3.0 |
| easy_software_products | cups | 1.1.15 |
| pdftohtml | pdftohtml | 0.33a |
| kde | kde | 3.3.1 |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.0.4_8 |
| easy_software_products | cups | 1.1.6 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 8.2 |
| debian | debian_linux | 3.0 |
| easy_software_products | cups | 1.1.4 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 1.0a |
| redhat | enterprise_linux | 2.1 |
| kde | koffice | 1.3_beta2 |
| easy_software_products | cups | 1.1.4_2 |
| pdftohtml | pdftohtml | 0.32b |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_2.0 |
| easy_software_products | cups | 1.1.10 |
| xpdf | xpdf | 1.0 |
| xpdf | xpdf | 0.90 |
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| easy_software_products | cups | 1.1.20 |
| kde | kde | 3.2.3 |
| kde | kde | 3.3.2 |
| xpdf | xpdf | 3.0 |
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.0.5b |
| kde | konqueror | 3.3.2 |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.3 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 2.2.1 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1.2 |
| mandrakesoft | mandrake_linux | 10.0 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 3.2.2.6 |
| kde | konqueror | 3.3 |
| kde | konqueror | 3.1 |
| redhat | fedora_core | core_3.0 |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 2.1.1 |
| kde | konqueror | 3.0.1 |
| mandrakesoft | mandrake_linux | 10.1 |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.3.1 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.1.4 |
| redhat | fedora_core | core_2.0 |
| kde | konqueror | 2.1.2 |
| kde | konqueror | 3.0 |
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kdelibs | 3.1.5 |
| kde | konqueror | 3.3.1 |
| kde | kdelibs | 3.1.3 |
| kde | kdelibs | 3.1.4 |
| kde | kdelibs | 3.2 |
| kde | kdelibs | 3.1.1 |
| kde | kdelibs | 3.1 |
| kde | kdelibs | 3.1.2 |
| kde | kdelibs | 3.2.2 |
| kde | kdelibs | 3.2.1 |
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.2.2 |
| kde | kde | 3.3 |
| redhat | fedora_core | core_3.0 |
| kde | kde | 3.2.3 |
| kde | kde | 3.3.2 |
| kde | kde | 3.3.1 |
| kde | kde | 3.2 |
| mandrakesoft | mandrake_linux | 10.1 |
| mandrakesoft | mandrake_linux | 10.0 |
| redhat | fedora_core | core_2.0 |
| kde | kde | 3.2.1 |
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| suse | suse_linux | 8.1 |
| suse | suse_linux | 8.0 |
| suse | suse_linux | 2.0 |
| gentoo | linux | * |
| suse | suse_linux | 5.0 |
| suse | suse_linux | 7.3 |
| suse | suse_linux | 5.1 |
| opera | opera_browser | * |
| suse | suse_linux | 7.2 |
| suse | suse_linux | 9.1 |
| suse | suse_linux | 4.2 |
| suse | suse_linux | 3.0 |
| suse | suse_linux | 6.2 |
| suse | suse_linux | 7.1 |
| suse | suse_linux | 6.1 |
| suse | suse_linux | 1.0 |
| suse | suse_linux | 4.4 |
| suse | suse_linux | 6.0 |
| suse | suse_linux | 6.3 |
| suse | suse_linux | 8.2 |
| suse | suse_linux | 4.0 |
| suse | suse_linux | 9.2 |
| kde | kde | 3.2.3 |
| suse | suse_linux | 4.3 |
| suse | suse_linux | 5.3 |
| suse | suse_linux | 4.4.1 |
| suse | suse_linux | 6.4 |
| suse | suse_linux | 7.0 |
| suse | suse_linux | 9.0 |
| suse | suse_linux | 5.2 |
Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3 |
| kde | kde | 3.3.2 |
| kde | kde | 3.3.1 |
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.0.3 |
| kde | kde | 2.0 |
| redhat | enterprise_linux | 3.0 |
| kde | kde | 3.0_beta_1 |
| kde | kde | 3.0.4 |
| kde | kde | 3.0 |
| kde | kde | 1.1.2 |
| kde | kde | 1.1.1 |
| kde | kde | 1.0 |
| kde | kde | 2.1_beta1 |
| kde | kde | 2.1 |
| kde | kde | 3.0.1 |
| kde | kde | 2.2 |
| kde | kde | 1.1 |
| kde | kde | 2.0.1 |
| kde | kde | 2.1_beta2 |
| kde | kde | 3.0_beta_2 |
| debian | debian_linux | 3.0 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| redhat | enterprise_linux | 2.1 |
| kde | kde | 2.2.1 |
| kde | kde | 3.0.2 |
| kde | kde | 2.2_beta1 |
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.1.4 |
| kde | kde | 3.1.3 |
| kde | kde | 3.1.1 |
| kde | kde | 3.1.5 |
| kde | kde | 3.1 |
| bernd_wuebben | kppp | 2.1.2 |
| kde | kde | 3.1.2 |
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 9.0 |
| easy_software_products | cups | 1.1.13 |
| suse | suse_linux | 8.0 |
| redhat | enterprise_linux | 3.0 |
| suse | suse_linux | 2.0 |
| suse | suse_linux | 5.0 |
| suse | suse_linux | 7.3 |
| suse | suse_linux | 5.1 |
| ubuntu | ubuntu_linux | 4.1 |
| easy_software_products | cups | 1.1.19 |
| kde | kde | 3.2 |
| kde | kpdf | 3.2 |
| suse | suse_linux | 6.2 |
| kde | kde | 3.3 |
| redhat | fedora_core | core_3.0 |
| redhat | fedora_core | core_1.0 |
| pdftohtml | pdftohtml | 0.34 |
| suse | suse_linux | 9.2 |
| kde | koffice | 1.3.1 |
| xpdf | xpdf | 0.93 |
| easy_software_products | cups | 1.1.12 |
| suse | suse_linux | 4.3 |
| suse | suse_linux | 5.3 |
| suse | suse_linux | 6.4 |
| pdftohtml | pdftohtml | 0.36 |
| pdftohtml | pdftohtml | 0.33 |
| xpdf | xpdf | 0.91 |
| xpdf | xpdf | 2.1 |
| kde | koffice | 1.3 |
| gnome | gpdf | 0.110 |
| kde | koffice | 1.3.3 |
| pdftohtml | pdftohtml | 0.35 |
| gentoo | linux | * |
| easy_software_products | cups | 1.0.4 |
| easy_software_products | cups | 1.1.4_5 |
| xpdf | xpdf | 2.3 |
| tetex | tetex | 1.0.7 |
| easy_software_products | cups | 1.1.1 |
| cstex | cstetex | 2.0.2 |
| suse | suse_linux | 9.1 |
| easy_software_products | cups | 1.1.15 |
| pdftohtml | pdftohtml | 0.33a |
| tetex | tetex | 2.0.1 |
| easy_software_products | cups | 1.0.4_8 |
| easy_software_products | cups | 1.1.6 |
| suse | suse_linux | 8.2 |
| sgi | advanced_linux_environment | 3.0 |
| easy_software_products | cups | 1.1.4 |
| suse | suse_linux | 9.0 |
| easy_software_products | cups | 1.1.10 |
| suse | suse_linux | 5.2 |
| suse | suse_linux | 8.1 |
| ascii | ptex | 3.1.4 |
| kde | koffice | 1.3_beta3 |
| kde | koffice | 1.3.2 |
| tetex | tetex | 1.0.6 |
| kde | kde | 3.2.1 |
| xpdf | xpdf | 1.1 |
| suse | suse_linux | 7.2 |
| xpdf | xpdf | 0.92 |
| suse | suse_linux | 4.2 |
| xpdf | xpdf | 2.0 |
| gnome | gpdf | 0.131 |
| easy_software_products | cups | 1.1.16 |
| easy_software_products | cups | 1.1.20 |
| kde | koffice | 1.3_beta1 |
| suse | suse_linux | 7.1 |
| easy_software_products | cups | 1.1.14 |
| easy_software_products | cups | 1.1.7 |
| suse | suse_linux | 1.0 |
| suse | suse_linux | 4.4 |
| sgi | propack | 3.0 |
| easy_software_products | cups | 1.1.18 |
| easy_software_products | cups | 1.1.19_rc5 |
| redhat | enterprise_linux_desktop | 3.0 |
| easy_software_products | cups | 1.1.17 |
| redhat | linux_advanced_workstation | 2.1 |
| kde | kde | 3.2.3 |
| tetex | tetex | 2.0.2 |
| gnome | gpdf | 0.112 |
| kde | kde | 3.2.2 |
| pdftohtml | pdftohtml | 0.32a |
| xpdf | xpdf | 3.0 |
| suse | suse_linux | 3.0 |
| kde | kde | 3.3.1 |
| suse | suse_linux | 6.1 |
| suse | suse_linux | 6.0 |
| tetex | tetex | 2.0 |
| suse | suse_linux | 6.3 |
| suse | suse_linux | 4.0 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| easy_software_products | cups | 1.1.4_3 |
| xpdf | xpdf | 1.0a |
| redhat | enterprise_linux | 2.1 |
| kde | koffice | 1.3_beta2 |
| suse | suse_linux | 4.4.1 |
| easy_software_products | cups | 1.1.4_2 |
| pdftohtml | pdftohtml | 0.32b |
| suse | suse_linux | 7.0 |
| redhat | fedora_core | core_2.0 |
| xpdf | xpdf | 1.0 |
| xpdf | xpdf | 0.90 |
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.2.1 |
| kde | kde | 3.2.1 |
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3.x |
| kde | kde | 3.2.x |
Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | desktop_communication_protocol_daemon | * |
| kde | dcopserver | * |
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3.2 |
| kmail | kmail | 1.7.1 |
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3 |
| redhat | fedora_core | core_3.0 |
| kde | kde | 3.3.1 |
| ubuntu | ubuntu_linux | 5.04 |
| kde | quanta | 3.1 |
| gentoo | linux | * |
| conectiva | linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| kde | kde | 3.2.1 |
| kde | kde | 3.2.2 |
| kde | kde | 3.2.3 |
| kde | kde | 3.4 |
| kde | kde | 3.3.2 |
| kde | kde | 3.2 |
| conectiva | linux | 9.0 |
Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.4.0 |
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3 |
| kde | kde | 3.4.0 |
| kde | kde | 3.3.1 |
| ekg | ekg | 1.3 |
| ekg | ekg | 1.0_rc3 |
| ekg | ekg | 1.0 |
| ekg | ekg | 1.4 |
| kadu | kadu | * |
| centericq | centericq | * |
| ekg | ekg | 1.5_rc1 |
| kde | kde | 3.2.3 |
| kde | kde | 3.4 |
| kde | kde | 3.3.2 |
| ekg | ekg | 1.1 |
| kde | kde | 3.4.1 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.5_rc2 |
| ekg | ekg | 1.0_rc2 |
| ekg | ekg | 1.1_rc2 |
| ekg | ekg | 1.1_rc1 |
The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-281,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | * |
| debian | debian_linux | 3.1 |
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kpdf | * |
| xpdf | xpdf | 3.0_pl3 |
| xpdf | xpdf | 3.0 |
| xpdf | xpdf | 3.0_pl2 |
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.1.4 |
| kde | kde | 3.0.3 |
| kde | kde | 3.0.5a |
| kde | kde | 3.1.1 |
| kde | kde | 3.0.4 |
| kde | kde | 3.1.5 |
| kde | kde | 3.0 |
| kde | kde | 3.1 |
| kde | kde | 3.2.1 |
| kde | kde | 3.2.2 |
| kde | kde | 3.1_alpha1 |
| kde | kde | 3.2 |
| kde | kde | 3.1.2 |
| kde | kde | 3.3 |
| kde | kde | 3.0.1 |
| kde | kde | 3.3.1 |
| kde | kde | 3.0.5 |
| kde | kde | 3.2.0_beta1 |
| kde | kde | 3.4.2 |
| kde | kde | 3.2.3 |
| kde | kde | 3.4 |
| kde | kde | 3.3.2 |
| kde | kde | 3.4.1 |
| kde | kde | 3.1.3 |
| kde | kde | 3.1_beta2 |
| kde | kde | 3.1_beta1 |
| kde | kde | 3.0.2 |
kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.2.2 |
| kde | kde | 3.2.3 |
| kde | kde | 3.3.2 |
| kde | kde | 3.4.0 |
| kde | kde | 3.2.0 |
| kde | kde | 3.3.1 |
| kde | kde | 3.4.1 |
| kde | kde | 3.3.0 |
| kde | kde | 3.2.1 |
| kde | kde | 3.4.2 |
Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | koffice | 1.4.1 |
| kde | koffice | 1.3_beta1 |
| kde | koffice | 1.3_beta3 |
| kde | koffice | 1.3 |
| kde | koffice | 1.3.2 |
| kde | koffice | 1.3.3 |
| kde | koffice | 1.3.4 |
| kde | koffice | 1.3.5 |
| kde | koffice | 1.3.1 |
| kde | koffice | 1.3_beta2 |
| kde | koffice | 1.2.1 |
| kde | koffice | 1.2 |
| kde | koffice | 1.4 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 9.0 |
| redhat | enterprise_linux | 3.0 |
| libextractor | libextractor | * |
| slackware | slackware_linux | 10.0 |
| conectiva | linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| redhat | enterprise_linux | 4.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| poppler | poppler | 0.4.2 |
| turbolinux | turbolinux_personal | * |
| kde | kpdf | 3.2 |
| slackware | slackware_linux | 9.1 |
| redhat | fedora_core | core_3.0 |
| kde | kword | 1.4.2 |
| redhat | fedora_core | core_1.0 |
| suse | suse_linux | 1.0 |
| sgi | propack | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| suse | suse_linux | 9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| suse | suse_linux | 10.0 |
| turbolinux | turbolinux | fuji |
| turbolinux | turbolinux_server | 10.0 |
| easy_software_products | cups | 1.1.23_rc1 |
| turbolinux | turbolinux_desktop | 10.0 |
| easy_software_products | cups | 1.1.22 |
| kde | koffice | 1.4 |
| kde | koffice | 1.4.1 |
| slackware | slackware_linux | 10.1 |
| redhat | linux | 7.3 |
| turbolinux | turbolinux_multimedia | * |
| kde | kpdf | 3.4.3 |
| suse | suse_linux | 9.3 |
| tetex | tetex | 2.0.2 |
| ubuntu | ubuntu_linux | 5.10 |
| gentoo | linux | * |
| tetex | tetex | 3.0 |
| slackware | slackware_linux | 10.2 |
| tetex | tetex | 1.0.7 |
| kde | koffice | 1.4.2 |
| turbolinux | turbolinux_server | 10.0_x86 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| suse | suse_linux | 9.1 |
| trustix | secure_linux | 2.2 |
| sco | openserver | 5.0.7 |
| trustix | secure_linux | 2.0 |
| xpdf | xpdf | 3.0 |
| mandrakesoft | mandrake_linux | 2006 |
| slackware | slackware_linux | 9.0 |
| trustix | secure_linux | 3.0 |
| turbolinux | turbolinux_home | * |
| kde | kdegraphics | 3.4.3 |
| easy_software_products | cups | 1.1.22_rc1 |
| tetex | tetex | 2.0.1 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| ubuntu | ubuntu_linux | 5.04 |
| tetex | tetex | 2.0 |
| mandrakesoft | mandrake_linux | 10.1 |
| easy_software_products | cups | 1.1.23 |
| redhat | fedora_core | core_4.0 |
| turbolinux | turbolinux | 10 |
| kde | kdegraphics | 3.2 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| redhat | enterprise_linux | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_2.0 |
| sco | openserver | 6.0 |
| mandrakesoft | mandrake_linux | 10.2 |
| debian | debian_linux | 3.1 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 9.0 |
| redhat | enterprise_linux | 3.0 |
| libextractor | libextractor | * |
| slackware | slackware_linux | 10.0 |
| conectiva | linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| redhat | enterprise_linux | 4.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| poppler | poppler | 0.4.2 |
| turbolinux | turbolinux_personal | * |
| kde | kpdf | 3.2 |
| slackware | slackware_linux | 9.1 |
| redhat | fedora_core | core_3.0 |
| kde | kword | 1.4.2 |
| redhat | fedora_core | core_1.0 |
| suse | suse_linux | 1.0 |
| sgi | propack | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| suse | suse_linux | 9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| suse | suse_linux | 10.0 |
| turbolinux | turbolinux | fuji |
| turbolinux | turbolinux_server | 10.0 |
| easy_software_products | cups | 1.1.23_rc1 |
| turbolinux | turbolinux_desktop | 10.0 |
| easy_software_products | cups | 1.1.22 |
| kde | koffice | 1.4 |
| kde | koffice | 1.4.1 |
| slackware | slackware_linux | 10.1 |
| redhat | linux | 7.3 |
| turbolinux | turbolinux_multimedia | * |
| kde | kpdf | 3.4.3 |
| suse | suse_linux | 9.3 |
| tetex | tetex | 2.0.2 |
| ubuntu | ubuntu_linux | 5.10 |
| gentoo | linux | * |
| tetex | tetex | 3.0 |
| slackware | slackware_linux | 10.2 |
| tetex | tetex | 1.0.7 |
| kde | koffice | 1.4.2 |
| turbolinux | turbolinux_server | 10.0_x86 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| suse | suse_linux | 9.1 |
| trustix | secure_linux | 2.2 |
| sco | openserver | 5.0.7 |
| trustix | secure_linux | 2.0 |
| xpdf | xpdf | 3.0 |
| mandrakesoft | mandrake_linux | 2006 |
| slackware | slackware_linux | 9.0 |
| trustix | secure_linux | 3.0 |
| turbolinux | turbolinux_home | * |
| kde | kdegraphics | 3.4.3 |
| easy_software_products | cups | 1.1.22_rc1 |
| tetex | tetex | 2.0.1 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| ubuntu | ubuntu_linux | 5.04 |
| tetex | tetex | 2.0 |
| mandrakesoft | mandrake_linux | 10.1 |
| easy_software_products | cups | 1.1.23 |
| redhat | fedora_core | core_4.0 |
| turbolinux | turbolinux | 10 |
| kde | kdegraphics | 3.2 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| redhat | enterprise_linux | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_2.0 |
| sco | openserver | 6.0 |
| mandrakesoft | mandrake_linux | 10.2 |
| debian | debian_linux | 3.1 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | linux | 9.0 |
| redhat | enterprise_linux | 3.0 |
| libextractor | libextractor | * |
| slackware | slackware_linux | 10.0 |
| conectiva | linux | 10.0 |
| ubuntu | ubuntu_linux | 4.1 |
| redhat | enterprise_linux | 4.0 |
| turbolinux | turbolinux_workstation | 8.0 |
| poppler | poppler | 0.4.2 |
| turbolinux | turbolinux_personal | * |
| kde | kpdf | 3.2 |
| slackware | slackware_linux | 9.1 |
| redhat | fedora_core | core_3.0 |
| kde | kword | 1.4.2 |
| redhat | fedora_core | core_1.0 |
| suse | suse_linux | 1.0 |
| sgi | propack | 3.0 |
| redhat | enterprise_linux_desktop | 4.0 |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
| suse | suse_linux | 9.2 |
| redhat | enterprise_linux_desktop | 3.0 |
| redhat | linux_advanced_workstation | 2.1 |
| suse | suse_linux | 10.0 |
| turbolinux | turbolinux | fuji |
| turbolinux | turbolinux_server | 10.0 |
| easy_software_products | cups | 1.1.23_rc1 |
| turbolinux | turbolinux_desktop | 10.0 |
| easy_software_products | cups | 1.1.22 |
| kde | koffice | 1.4 |
| kde | koffice | 1.4.1 |
| slackware | slackware_linux | 10.1 |
| redhat | linux | 7.3 |
| turbolinux | turbolinux_multimedia | * |
| kde | kpdf | 3.4.3 |
| suse | suse_linux | 9.3 |
| tetex | tetex | 2.0.2 |
| ubuntu | ubuntu_linux | 5.10 |
| gentoo | linux | * |
| tetex | tetex | 3.0 |
| slackware | slackware_linux | 10.2 |
| tetex | tetex | 1.0.7 |
| kde | koffice | 1.4.2 |
| turbolinux | turbolinux_server | 10.0_x86 |
| turbolinux | turbolinux_appliance_server | 1.0_hosting_edition |
| suse | suse_linux | 9.1 |
| trustix | secure_linux | 2.2 |
| sco | openserver | 5.0.7 |
| trustix | secure_linux | 2.0 |
| xpdf | xpdf | 3.0 |
| mandrakesoft | mandrake_linux | 2006 |
| slackware | slackware_linux | 9.0 |
| trustix | secure_linux | 3.0 |
| turbolinux | turbolinux_home | * |
| kde | kdegraphics | 3.4.3 |
| easy_software_products | cups | 1.1.22_rc1 |
| tetex | tetex | 2.0.1 |
| turbolinux | turbolinux_appliance_server | 1.0_workgroup_edition |
| ubuntu | ubuntu_linux | 5.04 |
| tetex | tetex | 2.0 |
| mandrakesoft | mandrake_linux | 10.1 |
| easy_software_products | cups | 1.1.23 |
| redhat | fedora_core | core_4.0 |
| turbolinux | turbolinux | 10 |
| kde | kdegraphics | 3.2 |
| debian | debian_linux | 3.0 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0 |
| redhat | enterprise_linux | 2.1 |
| turbolinux | turbolinux_server | 8.0 |
| suse | suse_linux | 9.0 |
| redhat | fedora_core | core_2.0 |
| sco | openserver | 6.0 |
| mandrakesoft | mandrake_linux | 10.2 |
| debian | debian_linux | 3.1 |
Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.1 |
| kde | konqueror | 3.0.5b |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 2.1.1 |
| kde | konqueror | 3.3.2 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.3 |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 2.2.1 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.3.1 |
| kde | konqueror | 3.1.2 |
| kde | konqueror | 0.1 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.1.4 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 3.2.2.6 |
| kde | konqueror | 3.3 |
| kde | konqueror | 2.1.2 |
| kde | konqueror | 3.0 |
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3 |
| kde | kde | 3.5.0 |
| kde | kde | 3.4.0 |
| kde | kde | 3.2.0 |
| kde | kde | 3.3.1 |
| kde | kde | 3.3.x |
| kde | kde | 3.2.x |
| kde | kde | 3.2.0_beta1 |
| kde | kde | 3.2.1 |
| kde | kde | 3.4.2 |
| kde | kde | 3.2.2 |
| kde | kde | 3.2.3 |
| kde | kde | 3.4 |
| kde | kde | 3.3.2 |
| kde | kde | 3.4.1 |
| kde | kde | 3.2 |
| kde | kde | 3.3.0 |
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde | 3.3 |
| kde | kde | 3.3.1 |
| kde | kde | 3.4.3 |
| kde | kde | 3.2.1 |
| kde | kde | 3.4.2 |
| kde | kde | 3.2.2 |
| kde | kde | 3.5.2 |
| kde | kde | 3.2.3 |
| kde | kde | 3.4 |
| kde | kde | 3.3.2 |
| kde | kde | 3.4.1 |
| kde | kde | 3.5 |
| kde | kde | 3.2 |
| kde | kde | 3.5.3 |
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-273,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | arts | 1.2 |
| kde | arts | 1.0 |
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | konqueror | 3.0.5b |
| kde | konqueror | 3.3.2 |
| kde | konqueror | 3.1.5 |
| kde | konqueror | 3.0.3 |
| kde | konqueror | 3.2.3 |
| kde | konqueror | 3.0.2 |
| kde | konqueror | 2.2.1 |
| kde | konqueror | 3.0.5 |
| kde | konqueror | 3.1.2 |
| kde | konqueror | 2.2.2 |
| kde | konqueror | 3.2.2.6 |
| kde | konqueror | 3.3 |
| kde | konqueror | 3.1 |
| kde | konqueror | 3.1.1 |
| kde | konqueror | 2.1.1 |
| kde | konqueror | 3.0.1 |
| kde | konqueror | * |
| kde | konqueror | 3.2.1 |
| kde | konqueror | 3.2.2 |
| kde | konqueror | 3.3.1 |
| kde | konqueror | 3.1.3 |
| kde | konqueror | 3.1.4 |
| kde | konqueror | 2.1.2 |
| kde | konqueror | 3.0 |
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-617,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 5.10 |
| canonical | ubuntu_linux | 6.10 |
| canonical | ubuntu_linux | 6.06 |
| kde | ksirc | 1.3.12 |
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.4.0 |
| kde | kde_sc | 4.3.4 |
| kde | kde_sc | 4.1.2 |
| kde | kde_sc | 4.3.1 |
| kde | kde_sc | 4.2.2 |
| kde | kde_sc | 2.2.0 |
| kde | kde_sc | 4.3.0 |
| kde | kde_sc | 4.3.5 |
| kde | kde_sc | 3.5.10 |
| kde | kde_sc | 4.4.2 |
| kde | kde_sc | 4.4.1 |
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.4.0 |
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.3.4 |
| kde | kde_sc | 4.0.2 |
| kde | kde_sc | 4.2.1 |
| kde | kde_sc | 4.0.0 |
| kde | kde_sc | 4.4.3 |
| kde | kde_sc | 4.3.0 |
| kde | kde_sc | 4.3.5 |
| kde | kde_sc | 4.3.3 |
| kde | kde_sc | 4.4.1 |
| kde | kde_sc | 4.1.3 |
| kde | kde_sc | 4.2.4 |
| kde | kde_sc | 4.0.4 |
| kde | kde_sc | 4.2.2 |
| kde | kde_sc | 4.1.0 |
| kde | kde_sc | 4.1.4 |
| kde | kde_sc | 4.3.2 |
| kde | kde_sc | 4.4.0 |
| kde | kde_sc | 4.1.80 |
| kde | kde_sc | 4.0.3 |
| kde | kde_sc | 4.0.5 |
| kde | kde_sc | 4.2.0 |
| kde | kde_sc | 4.1.85 |
| kde | kde_sc | 4.1.1 |
| kde | kde_sc | 4.2 |
| kde | kde_sc | 4.4.2 |
| kde | kde_sc | 4.2.3 |
| kde | kde_sc | 4.1.2 |
| kde | kde_sc | 4.3.1 |
| kde | kde_sc | 4.0.1 |
| kde | kde_sc | 4.1.96 |
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.3.4 |
| kde | kde_sc | 4.0.2 |
| kde | kde_sc | 4.2.1 |
| kde | kde_sc | 4.0.0 |
| kde | kde_sc | 4.4.3 |
| kde | kde_sc | 4.3.0 |
| kde | kde_sc | 4.3.5 |
| kde | kde_sc | 4.3.3 |
| kde | kde_sc | 3.5.10 |
| kde | kget | 2.4.2 |
| kde | kde_sc | 4.4.1 |
| kde | kde_sc | 4.1.3 |
| kde | kde_sc | 4.2.4 |
| kde | kde_sc | 4.0.4 |
| kde | kde_sc | 4.2.2 |
| kde | kde_sc | 2.2.0 |
| kde | kde_sc | 4.1.0 |
| kde | kde_sc | 4.1.4 |
| kde | kde_sc | 4.3.2 |
| kde | kde_sc | 4.4.0 |
| kde | kde_sc | 4.1.80 |
| kde | kde_sc | 4.0.3 |
| kde | kde_sc | 4.0.5 |
| kde | kde_sc | 4.2.0 |
| kde | kde_sc | 4.1.85 |
| kde | kde_sc | 4.1.1 |
| kde | kde_sc | 4.2 |
| kde | kde_sc | 4.4.2 |
| kde | kde_sc | 4.2.3 |
| kde | kde_sc | 4.1.2 |
| kde | kde_sc | 4.3.1 |
| kde | kde_sc | 4.0.1 |
| kde | kde_sc | 4.1.96 |
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.3.2 |
| kde | kde_sc | 4.4.0 |
| kde | kde_sc | 4.3.4 |
| kde | kde_sc | 4.4.4 |
| kde | kde_sc | 4.4.5 |
| kde | kde_sc | 4.4.3 |
| kde | kde_sc | 4.3.0 |
| kde | kde_sc | 4.3.5 |
| kde | kde_sc | 4.3.3 |
| kde | kde_sc | 4.4.2 |
| kde | kde_sc | 4.4.1 |
| kde | kde_sc | 4.5.0 |
| kde | kde_sc | 4.3.1 |
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| glyphandcog | xpdfreader | 0.2 |
| poppler | poppler | 0.14.0 |
| poppler | poppler | 0.10.2 |
| glyphandcog | xpdfreader | 2.01 |
| foolabs | xpdf | 3.02pl3 |
| poppler | poppler | 0.10.5 |
| poppler | poppler | 0.9.1 |
| poppler | poppler | 0.15.1 |
| poppler | poppler | 0.15.0 |
| foolabs | xpdf | 0.92e |
| poppler | poppler | 0.9.0 |
| poppler | poppler | 0.13.2 |
| glyphandcog | xpdfreader | 0.5 |
| poppler | poppler | 0.12.1 |
| poppler | poppler | 0.14.5 |
| foolabs | xpdf | 3.0.1 |
| foolabs | xpdf | 3.02pl1 |
| foolabs | xpdf | 0.92c |
| glyphandcog | xpdfreader | 0.93 |
| foolabs | xpdf | 0.91b |
| foolabs | xpdf | 0.92d |
| glyphandcog | xpdfreader | 0.4 |
| glyphandcog | xpdfreader | 3.01 |
| poppler | poppler | 0.11.0 |
| glyphandcog | xpdfreader | 0.80 |
| glyphandcog | xpdfreader | 2.02 |
| glyphandcog | xpdfreader | 0.92 |
| poppler | poppler | 0.14.3 |
| foolabs | xpdf | 0.7a |
| poppler | poppler | 0.11.1 |
| poppler | poppler | 0.14.4 |
| glyphandcog | xpdfreader | 0.3 |
| glyphandcog | xpdfreader | 1.00 |
| foolabs | xpdf | 3.02pl2 |
| poppler | poppler | 0.10.7 |
| poppler | poppler | 0.12.0 |
| foolabs | xpdf | 0.92b |
| foolabs | xpdf | 0.93a |
| kde | kdegraphics | * |
| poppler | poppler | 0.14.1 |
| poppler | poppler | 0.10.0 |
| foolabs | xpdf | 0.93c |
| poppler | poppler | 0.12.4 |
| poppler | poppler | 0.10.4 |
| glyphandcog | xpdfreader | 3.02 |
| foolabs | xpdf | 0.92a |
| poppler | poppler | 0.8.7 |
| poppler | poppler | 0.9.2 |
| poppler | poppler | 0.10.6 |
| glyphandcog | xpdfreader | 3.00 |
| poppler | poppler | 0.13.1 |
| glyphandcog | xpdfreader | 0.7 |
| poppler | poppler | 0.11.2 |
| poppler | poppler | 0.14.2 |
| poppler | poppler | 0.13.4 |
| poppler | poppler | 0.13.3 |
| foolabs | xpdf | 0.91a |
| glyphandcog | xpdfreader | 0.90 |
| glyphandcog | xpdfreader | 0.91 |
| foolabs | xpdf | 0.5a |
| poppler | poppler | 0.10.1 |
| poppler | poppler | 0.12.3 |
| foolabs | xpdf | 0.91c |
| glyphandcog | xpdfreader | 2.03 |
| poppler | poppler | 0.12.2 |
| poppler | poppler | 0.11.3 |
| foolabs | xpdf | 0.93b |
| glyphandcog | xpdfreader | 0.6 |
| glyphandcog | xpdfreader | * |
| glyphandcog | xpdfreader | 2.00 |
| poppler | poppler | 0.9.3 |
| poppler | poppler | 0.10.3 |
| poppler | poppler | 0.13.0 |
| foolabs | xpdf | 1.00a |
| glyphandcog | xpdfreader | 1.01 |
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.6.1 |
| kde | kde_sc | 4.4.0 |
| kde | kde_sc | 4.4.4 |
| kde | kde_sc | 4.6.0 |
| kde | kde_sc | 4.6 |
| kde | kde_sc | 4.4.5 |
| kde | kde_sc | 4.5.3 |
| kde | kde_sc | 4.5.5 |
| kde | kde_sc | 4.4.3 |
| kde | kde_sc | 4.4.2 |
| kde | kde_sc | 4.4.1 |
| kde | kde_sc | 4.5.1 |
| kde | kde_sc | 4.5.0 |
| kde | kde_sc | 4.5.4 |
| kde | kde_sc | 4.5.2 |
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.3.4 |
| kde | kde_sc | 4.4.4 |
| kde | kde_sc | 4.0.2 |
| kde | kde_sc | 4.2.1 |
| kde | kde_sc | 4.0.0 |
| kde | kde_sc | 4.6.0 |
| kde | kde_sc | 4.6 |
| kde | kde_sc | 4.4.5 |
| kde | kde_sc | 4.5.3 |
| kde | kde_sc | 4.5.5 |
| kde | kde_sc | 4.4.3 |
| kde | kde_sc | 4.3.0 |
| kde | kde_sc | 4.3.5 |
| kde | kde_sc | 4.3.3 |
| kde | kde_sc | 3.5.10 |
| kde | kde_sc | 4.4.1 |
| kde | kde_sc | 4.1.3 |
| kde | kde_sc | 4.2.4 |
| kde | kde_sc | 4.5.4 |
| kde | kde_sc | * |
| kde | kde_sc | 4.0.4 |
| kde | kde_sc | 4.2.2 |
| kde | kde_sc | 2.2.0 |
| kde | kde_sc | 4.5.2 |
| kde | kde_sc | 4.1.0 |
| kde | kde_sc | 4.1.4 |
| kde | kde_sc | 4.6.1 |
| kde | kde_sc | 4.3.2 |
| kde | kde_sc | 4.4.0 |
| kde | kde_sc | 4.1.80 |
| kde | kde_sc | 4.0.3 |
| kde | kde_sc | 4.0.5 |
| kde | kde_sc | 4.2.0 |
| kde | kde_sc | 4.1.85 |
| kde | kde_sc | 4.1.1 |
| kde | kde_sc | 4.2 |
| kde | kde_sc | 4.4.2 |
| kde | kde_sc | 4.5.1 |
| kde | kde_sc | 4.2.3 |
| kde | kde_sc | 4.5.0 |
| kde | kde_sc | 4.1.2 |
| kde | kde_sc | 4.3.1 |
| kde | kde_sc | 4.0.1 |
| kde | kde_sc | 4.1.96 |
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | 4.6.1 |
| kde | kde_sc | 4.6.5 |
| kde | kde_sc | 4.6.2 |
| kde | kde_sc | 4.7.1 |
| kde | kde_sc | 4.6.0 |
| kde | kde_sc | 4.7.0 |
| kde | kde_sc | 4.6.3 |
| kde | kde_sc | 4.6.4 |
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kcheckpass | * |
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | koffice | 1.4.1 |
| kde | koffice | 1.3 |
| kde | koffice | 1.3.2 |
| kde | koffice | 1.3.3 |
| kde | koffice | 1.3.4 |
| kde | koffice | 1.3.5 |
| kde | koffice | 1.6.1 |
| kde | koffice | 1.4.2 |
| kde | koffice | 1.3.1 |
| kde | koffice | * |
| kde | koffice | 1.2.1 |
| kde | koffice | 1.2 |
| kde | koffice | 1.4 |
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-843,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_eus | 6.3 |
| kde | kde | 4.7.3 |
| redhat | enterprise_linux | 6.0 |
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kdelibs | 4.10.2 |
| kde | kdelibs | 4.10.1 |
| kde | kdelibs | 4.10.0 |
| kde | kdelibs | * |
The %{password(...)} macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.4 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.5 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | paste_applet | * |
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | paste_applet | * |
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or (4) an invalid password to KCheckPass.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_sc | * |
| opensuse | opensuse | 12.2 |
| kde | kde-workspace | * |
kde-workspace before 4.10.5 has a memory leak in plasma desktop.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-404,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| kde | kde-workspace | * |
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_applications | * |
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kdelibs | 4.12.0 |
| kde | kdelibs | 4.12.1 |
| kde | kdelibs | 4.11.97 |
| opensuse | opensuse | 13.1 |
| kde | kdelibs | 4.11.0 |
| kde | kdelibs | 4.11.80 |
| kde | kdelibs | 4.12.90 |
| kde | kdelibs | 4.12.95 |
| kde | kdelibs | 4.12.4 |
| kde | kdelibs | 4.11.2 |
| kde | kdelibs | 4.13.1 |
| kde | kdelibs | 4.12.2 |
| kde | kdelibs | 4.12.97 |
| kde | kdelibs | 4.11.5 |
| kde | kdelibs | 4.12.3 |
| kde | kdelibs | 4.10.97 |
| kde | kdelibs | 4.11.3 |
| kde | kdelibs | 4.12.5 |
| kde | kdelibs | 4.12.80 |
| kde | kdelibs | 4.13.0 |
| kde | kdelibs | 4.11.1 |
| kde | kdelibs | 4.11.4 |
| kde | kdelibs | 4.11.90 |
| kde | kdelibs | 4.11.95 |
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kdelibs | 4.12.0 |
| kde | kdelibs | 4.10.3 |
| kde | kdelibs | 4.10.0 |
| kde | kdelibs | * |
| kde | kdelibs | 4.12.1 |
| kde | kdelibs | 4.11.97 |
| kde | kdelibs | 4.11.0 |
| kde | kdelibs | 4.11.80 |
| kde | kdelibs | 4.10.2 |
| kde | kdelibs | 4.12.90 |
| kde | kdelibs | 4.12.95 |
| kde | kdelibs | 4.12.4 |
| kde | kdelibs | 4.11.2 |
| kde | kdelibs | 4.13.90 |
| kde | kdelibs | 4.13.1 |
| kde | kdelibs | 4.13.2 |
| kde | kdelibs | 4.12.2 |
| kde | kdelibs | 4.12.97 |
| kde | kdelibs | 4.11.5 |
| kde | kdelibs | 4.12.3 |
| kde | kdelibs | 4.10.1 |
| kde | kdelibs | 4.10.97 |
| kde | kdelibs | 4.11.3 |
| canonical | ubuntu_linux | 14.04 |
| kde | kauth | * |
| kde | kdelibs | 4.12.5 |
| kde | kdelibs | 4.12.80 |
| kde | kdelibs | 4.10.95 |
| kde | kdelibs | 4.13.0 |
| kde | kdelibs | 4.11.1 |
| debian | kde4libs | - |
| kde | kdelibs | 4.11.4 |
| kde | kdelibs | 4.13.80 |
| kde | kdelibs | 4.13.95 |
| kde | kdelibs | 4.11.90 |
| kde | kdelibs | 4.11.95 |
| kde | kdelibs | 4.13.3 |
| canonical | ubuntu_linux | 12.04 |
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| urs_wolfer | kwebkitpart | * |
| kde | kde-runtime | * |
| kde | kio-extras | * |
| opensuse | opensuse | 13.1 |
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | plasma-desktop | * |
| kde | kde-workspace | * |
KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kmail | 4.11.5 |
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | plasma-workspace | * |
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allow remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | plasma-workspace | * |
| kde | kde-workspace | * |
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kdelibs | * |
| artsproject | arts | 1.5.10 |
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-254,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| kde | kscreenlocker | * |
| fedoraproject | fedora | 23 |
| kde | plasma-workspace | * |
| fedoraproject | fedora | 22 |
kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| opensuse | opensuse | 13.2 |
| kde | kde_frameworks | * |
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 14.04 |
| kde | karchives | * |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 15.10 |
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.1 |
| opensuse | opensuse | 13.2 |
| kde | kde-cli-tools | - |
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality, although it is possible to include an HTML comment indicator to hide content.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 25 |
| debian | debian_linux | 8.0 |
| suse | linux_enterprise | 12.0 |
| kde | kmail | * |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated HTML is executed in the local file security context by default access to remote and local URLs was enabled.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-94,CWE-284,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kmail | * |
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kmail | * |
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| microsoft | outlook | 2010 |
| 9folders | nine | - |
| horde | horde_imp | - |
| kde | kmail | - |
| gnome | evolution | - |
| bloop | airmail | - |
| microsoft | outlook | 2007 |
| apple | - | |
| flipdogsolutions | maildroid | - |
| r2mail2 | r2mail2 | - |
| gmail | - | |
| kde | trojita | - |
| mozilla | thunderbird | - |
| ritlabs | the_bat | - |
| emclient | emclient | - |
| microsoft | outlook | 2013 |
| microsoft | outlook | 2016 |
| freron | mailmate | - |
| postbox-inc | postbox | - |
| ibm | notes | - |
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 25 |
| kde | ark | * |
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kio | * |
| kde | kdelibs | * |
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-290,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kdelibs | * |
| kde | kauth | * |
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | messagelib | * |
| kde | kmail | * |
okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in Arbitrary file creation on the user workstation. This attack appears to be exploitable via the victim opening a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| debian | debian_linux | 8.0 |
| kde | okular | * |
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | ktexteditor | * |
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.3 |
| debian | debian_linux | 9.0 |
| opensuse | leap | 15.0 |
| kde | plasma | * |
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_applications | * |
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kde_applications | * |
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | plasma-workspace | * |
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| kde | plasma-workspace | * |
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kmail | 5.2.3 |
| debian | debian_linux | 8.0 |
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_desktop | 7.0 |
| debian | debian_linux | 9.0 |
| opensuse | backports_sle | 15.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.04 |
| debian | debian_linux | 10.0 |
| kde | kconfig | * |
| redhat | enterprise_linux_server | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| fedoraproject | fedora | 30 |
| redhat | enterprise_linux_workstation | 7.0 |
| fedoraproject | fedora | 29 |
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 42.3 |
| opensuse | leap | 15.0 |
| fedoraproject | fedora | 28 |
| opensuse | backports | - |
| fedoraproject | fedora | 29 |
| kde | kauth | * |
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kmail | * |
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kio-extras | * |
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak in which Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-401,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | amarok | 2.8.0 |
KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 9.0 |
| kde | kmail | 19.12.3 |
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| kde | ark | * |
| canonical | ubuntu_linux | 18.04 |
| fedoraproject | fedora | 31 |
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 20.04 |
| opensuse | leap | 15.2 |
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.3 | LOW | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 1.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-59,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| debian | debian_linux | 10.0 |
| debian | debian_linux | 9.0 |
| fedoraproject | fedora | 33 |
| kde | ark | * |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 16.04 |
| fedoraproject | fedora | 32 |
| canonical | ubuntu_linux | 20.04 |
| opensuse | leap | 15.2 |
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | leap | 15.1 |
| opensuse | backports_sle | 15.0 |
| kde | kdeconnect | * |
| opensuse | leap | 15.2 |
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning-related commands, while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | partition_manager | * |
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | 1.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 8.0 |
| fedoraproject | fedora | 30 |
| fedoraproject | fedora | 31 |
| fedoraproject | fedora | 32 |
| kde | okular | * |
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | discover | * |
KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote server. With a crafted message, a user could be tricked into decrypting an encrypted message and then deleting an attachment attached to this message. If the attacker has access to the messages stored on the email server, then the attacker could read the decrypted content of the encrypted message. This occurs in ViewerPrivate::deleteAttachment in messageviewer/src/viewer/viewer_p.cpp.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-312,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | messagelib | * |
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kimageformats | * |
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N | 2.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-77,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | trojita | 0.7 |
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.6 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-77,CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kmail | 19.12.3 |
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (an unintended behavior caused by a misunderstanding of the QProcess API). This can be an untrusted directory.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kate | * |
| kde | ktexteditor | * |
KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-362,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | kcron | * |
A vulnerability classified as problematic was found in KDE Plasma Workspace up to 5.93.0. It affects the function EventPluginsManager::enabledPlugins in components/calendar/eventpluginsmanager.cpp, part of the Theme File Handler component. Manipulation of the pluginId argument leads to path traversal. The attack can be initiated remotely. Attack complexity is rather high, and exploitation is reported to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. Applying the patch is recommended to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to the user's home or the installation of third-party global themes.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N | 1.6 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | plasma-workspace | * |
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| kde | plasma-workspace | * |