Filtered by vendor Kde
Subscriptions
Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1096 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. | ||||
| CVE-1999-1268 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | ||||
| CVE-2002-1151 | 2 Kde, Redhat | 4 Kde, Konqueror, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains. | ||||
| CVE-2002-1224 | 2 Kde, Redhat | 2 Kde, Linux | 2025-04-03 | N/A |
| Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter. | ||||
| CVE-2002-1282 | 2 Kde, Redhat | 2 Kde, Linux | 2025-04-03 | N/A |
| Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL. | ||||
| CVE-2002-1306 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. | ||||
| CVE-2005-0011 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows. | ||||
| CVE-2004-0527 | 1 Kde | 1 Konqueror | 2025-04-03 | N/A |
| KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. | ||||
| CVE-2002-1152 | 2 Kde, Redhat | 2 Kde, Linux | 2025-04-03 | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | ||||
| CVE-2006-0019 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2025-04-03 | N/A |
| Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | ||||
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2025-04-03 | N/A |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | ||||
| CVE-2000-0460 | 1 Kde | 1 Kde | 2025-04-03 | N/A |
| Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable. | ||||
| CVE-2004-0721 | 2 Kde, Redhat | 2 Konqueror, Enterprise Linux | 2025-04-03 | N/A |
| Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | ||||
| CVE-2004-0746 | 5 Gentoo, Kde, Mandrakesoft and 2 more | 6 Linux, Kde, Konqueror and 3 more | 2025-04-03 | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-2004-0866 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2025-04-03 | N/A |
| Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-2004-0888 | 11 Debian, Easy Software Products, Gentoo and 8 more | 16 Debian Linux, Cups, Linux and 13 more | 2025-04-03 | N/A |
| Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | ||||
| CVE-2001-0610 | 2 Kde, Suse | 2 Kde, Suse Linux | 2025-04-03 | N/A |
| kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp. | ||||
| CVE-2006-2916 | 2 Kde, Linux | 2 Arts, Linux Kernel | 2025-04-03 | 7.8 High |
| artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | ||||
| CVE-2004-1125 | 4 Easy Software Products, Kde, Redhat and 1 more | 4 Cups, Kde, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | ||||
| CVE-2004-1158 | 3 Kde, Mandrakesoft, Redhat | 4 Konqueror, Mandrake Linux, Enterprise Linux and 1 more | 2025-04-03 | N/A |
| Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||||