KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-11-18
Updated
2016-10-18
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-05-16
Updated
2017-12-19
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
1998-04-29
Updated
2017-12-19
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
Max CVSS
7.2
EPSS Score
0.05%
Published
1998-11-18
Updated
2017-12-19
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
Max CVSS
7.2
EPSS Score
0.05%
Published
1999-01-06
Updated
2017-12-19
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
1999-06-01
Updated
2017-10-10
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-05-16
Updated
2008-09-10
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-05-27
Updated
2008-09-10
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
Max CVSS
7.2
EPSS Score
0.04%
Published
2000-05-31
Updated
2017-10-10
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.
Max CVSS
7.2
EPSS Score
0.05%
Published
2000-12-19
Updated
2008-09-05
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file.
Max CVSS
7.2
EPSS Score
0.04%
Published
2001-10-18
Updated
2017-12-19
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
Max CVSS
7.5
EPSS Score
1.13%
Published
2002-09-24
Updated
2017-10-10
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
Max CVSS
7.5
EPSS Score
1.16%
Published
2002-10-11
Updated
2016-10-18
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
Max CVSS
7.5
EPSS Score
1.24%
Published
2002-10-11
Updated
2016-10-18
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
Max CVSS
7.5
EPSS Score
0.82%
Published
2002-10-28
Updated
2008-09-05
Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon.
Max CVSS
7.2
EPSS Score
0.04%
Published
2002-11-29
Updated
2016-10-18
Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and remote attackers to execute arbitrary code via a certain URL.
Max CVSS
7.5
EPSS Score
9.16%
Published
2002-11-29
Updated
2016-10-18
Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of KDE 2.x 2.1 and later allows local and remote attackers to execute arbitrary code via a certain URL.
Max CVSS
7.5
EPSS Score
9.16%
Published
2002-11-29
Updated
2016-10-18
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
Max CVSS
7.5
EPSS Score
9.37%
Published
2002-11-29
Updated
2016-10-18
Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
Max CVSS
7.5
EPSS Score
0.97%
Published
2003-01-17
Updated
2016-10-18
KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.
Max CVSS
7.5
EPSS Score
8.23%
Published
2003-05-05
Updated
2016-10-18
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
1.65%
Published
2003-05-27
Updated
2008-09-10
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
Max CVSS
7.5
EPSS Score
0.66%
Published
2003-06-16
Updated
2008-09-10
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Max CVSS
7.5
EPSS Score
1.06%
Published
2004-04-15
Updated
2017-10-11
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
Max CVSS
7.5
EPSS Score
0.91%
Published
2003-10-06
Updated
2017-10-11
67 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!