| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses. |
| KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. |
| Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. |
| Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. |
| Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. |
| Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. |
| Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. |
| kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. |
| The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. |
| The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack. |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. |
| Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. |
| KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. |
| KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. |
| Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. |
| KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. |
| Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. |
