KDE KMail does not encrypt attachments in emails when "automatic encryption" is enabled, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS: 5.9 | EPSS Score: 0.23% | Published: 2017-09-28 | Updated: 2017-10-06
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.
Max CVSS: 5.9 | EPSS Score: 0.55% | Published: 2018-05-16 | Updated: 2019-10-03
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
Max CVSS: 5.8 | EPSS Score: 0.62% | Published: 2010-05-17 | Updated: 2018-10-10
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
Max CVSS: 5.8 | EPSS Score: 0.49% | Published: 2011-04-27 | Updated: 2023-02-13
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2020-02-11 | Updated: 2020-02-24
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
Max CVSS: 5.5 | EPSS Score: 0.32% | Published: 2017-03-02 | Updated: 2019-10-03
Okular version 18.08 and earlier contains a directory traversal vulnerability in the function "unpackDocumentArchive(...)" in "core/document.cpp" that can result in arbitrary file creation on the user workstation. This attack appears to be exploitable when the victim opens a specially crafted Okular archive. This issue appears to have been corrected in version 18.08.1.
Max CVSS: 5.5 | EPSS Score: 0.11% | Published: 2018-09-06 | Updated: 2019-03-20
A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak in which Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service.
Max CVSS: 5.5 | EPSS Score: 0.12% | Published: 2020-05-20 | Updated: 2022-04-28
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
Max CVSS: 5.5 | EPSS Score: 0.05% | Published: 2020-10-07 | Updated: 2023-01-31
KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE.
Max CVSS: 5.5 | EPSS Score: 0.16% | Published: 2021-07-01 | Updated: 2021-07-08
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
Max CVSS: 5.3 | EPSS Score: 0.53% | Published: 2018-02-07 | Updated: 2019-08-06
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value.
Max CVSS: 5.3 | EPSS Score: 0.08% | Published: 2020-03-12 | Updated: 2020-03-18
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server requires authentication" is checked.
Max CVSS: 5.3 | EPSS Score: 0.08% | Published: 2021-08-10 | Updated: 2021-08-20
KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.
Max CVSS: 5.0 | EPSS Score: 0.27% | Published: 1997-05-05 | Updated: 2017-12-19
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
Max CVSS: 5.0 | EPSS Score: 0.84% | Published: 1999-06-01 | Updated: 2017-10-10
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message.
Max CVSS: 5.0 | EPSS Score: 3.82% | Published: 2002-05-16 | Updated: 2016-10-18
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long.
Max CVSS: 5.0 | EPSS Score: 0.56% | Published: 2002-06-25 | Updated: 2016-10-18
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
Max CVSS: 5.0 | EPSS Score: 1.56% | Published: 2002-10-28 | Updated: 2008-09-05
Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
Max CVSS: 5.0 | EPSS Score: 0.28% | Published: 2002-12-31 | Updated: 2008-09-05
Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
Max CVSS: 5.0 | EPSS Score: 0.17% | Published: 2003-06-09 | Updated: 2008-09-05
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
Max CVSS: 5.0 | EPSS Score: 0.50% | Published: 2003-08-27 | Updated: 2017-10-11
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
Max CVSS: 5.0 | EPSS Score: 1.74% | Published: 2004-08-06 | Updated: 2017-07-11
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Max CVSS: 5.0 | EPSS Score: 0.60% | Published: 2004-09-16 | Updated: 2017-07-11
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Max CVSS: 5.0 | EPSS Score: 5.28% | Published: 2005-01-27 | Updated: 2017-10-11
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
Max CVSS: 5.0 | EPSS Score: 4.52% | Published: 2004-12-31 | Updated: 2022-02-28
39 vulnerabilities found