KdeCVEs & Vulnerabilities

195 CVEs affecting Kde products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

kde 468konqueror 201kde sc 160kdelibs 76koffice 57k-mail 37kpdf 15kdegraphics 10
CVE-2004-0689HIGH

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

28 Sep 2004
7.1
CVSS
CVE-2004-0690MEDIUM

The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.

28 Sep 2004
4.6
CVSS
CVE-2004-0866HIGH

Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.

16 Sep 2004
7.5
CVSS
CVE-2004-0870MEDIUM

KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

16 Sep 2004
5.0
CVSS
CVE-2004-0527MEDIUMpoc

KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

6 Aug 2004
5.0
CVSS
CVE-2004-0721HIGH

Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

27 Jul 2004
7.5
CVSS
CVE-2004-0411HIGH

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

7 Jul 2004
7.5
CVSS
CVE-2003-0592HIGH

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

15 Apr 2004
7.5
CVSS
CVE-2003-0988HIGH

Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.

17 Feb 2004
7.5
CVSS
CVE-2003-1478MEDIUMpoc

Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.

31 Dec 2003
4.3
CVSS
CVE-2003-0690CRITICAL

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.

6 Oct 2003
10.0
CVSS
CVE-2003-0692HIGH

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.

6 Oct 2003
7.5
CVSS
CVE-2003-0459MEDIUM

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

27 Aug 2003
5.0
CVSS
CVE-2003-0370HIGH

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

16 Jun 2003
7.5
CVSS
CVE-2003-0355MEDIUM

Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

9 Jun 2003
5.0
CVSS
CVE-2003-0256HIGH

The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.

27 May 2003
7.5
CVSS
CVE-2003-0204HIGH

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.

5 May 2003
7.5
CVSS
CVE-2002-1393HIGH

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.

17 Jan 2003
7.5
CVSS
CVE-2002-2333MEDIUM

Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.

31 Dec 2002
5.0
CVSS
CVE-2002-1247HIGH

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.

29 Nov 2002
7.2
CVSS
CVE-2002-1281HIGH

Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.

29 Nov 2002
7.5
CVSS
CVE-2002-1282HIGH

Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.

29 Nov 2002
7.5
CVSS
CVE-2002-1306HIGH

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.

29 Nov 2002
7.5
CVSS
CVE-2002-1223HIGH

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.

28 Oct 2002
7.5
CVSS
CVE-2002-1224MEDIUMpoc

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.

28 Oct 2002
5.0
CVSS
CVE-2002-1151HIGH

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

11 Oct 2002
7.5
CVSS
CVE-2002-1152HIGH

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

11 Oct 2002
7.5
CVSS
CVE-2002-0970HIGH

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

24 Sep 2002
7.5
CVSS
CVE-2002-0342MEDIUM

Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.

25 Jun 2002
5.0
CVSS
CVE-2002-0227MEDIUMpoc

KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.

16 May 2002
5.0
CVSS
CVE-2001-1197MEDIUM

klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file.

14 Dec 2001
4.6
CVSS
CVE-2001-0782HIGHpoc

KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.

18 Oct 2001
7.2
CVSS
CVE-2001-0610MEDIUMpoc

kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.

2 Aug 2001
4.6
CVSS
CVE-2000-0918HIGH

Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.

19 Dec 2000
7.2
CVSS
CVE-2000-0530HIGHpoc

The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

31 May 2000
7.2
CVSS
CVE-2000-0460HIGHpoc

Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.

27 May 2000
7.2
CVSS
CVE-2000-0393HIGHpoc

The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

16 May 2000
7.2
CVSS
CVE-1999-0735MEDIUMpoc

KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

4 Jan 2000
4.6
CVSS
CVE-2000-0373HIGH

Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

1 Jun 1999
7.2
CVSS
CVE-2000-0481MEDIUM

Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.

1 Jun 1999
5.0
CVSS
CVE-2000-0371LOW

The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

1 Mar 1999
1.2
CVSS
CVE-1999-1268HIGH

Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.

6 Jan 1999
7.2
CVSS
CVE-1999-0780MEDIUM

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

18 Nov 1998
4.6
CVSS
CVE-1999-0781HIGH

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

18 Nov 1998
7.2
CVSS
CVE-1999-0782LOW

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

18 Nov 1998
2.1
CVSS
CVE-1999-1107HIGH

Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.

18 Nov 1998
7.2
CVSS
CVE-1999-1270MEDIUM

KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.

11 Jul 1998
4.6
CVSS
CVE-1999-1096HIGH

Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.

16 May 1998
7.2
CVSS