| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2012-4515 |
399 |
|
DoS Exec Code |
2012-11-11 |
2012-11-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. |
|
2 |
CVE-2012-4514 |
|
|
DoS |
2012-11-11 |
2012-11-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." |
|
3 |
CVE-2012-4513 |
119 |
|
DoS Overflow |
2012-11-11 |
2012-11-12 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. |
|
4 |
CVE-2012-3455 |
119 |
|
DoS Exec Code Overflow |
2012-08-20 |
2012-10-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase. |
|
5 |
CVE-2012-3413 |
16 |
|
|
2012-08-07 |
2012-08-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. |
|
6 |
CVE-2011-5054 |
287 |
|
|
2012-01-06 |
2012-01-31 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." |
|
7 |
CVE-2011-3365 |
20 |
|
|
2011-11-29 |
2012-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. |
|
8 |
CVE-2011-1586 |
22 |
|
Dir. Trav. |
2011-04-26 |
2011-09-06 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. |
|
9 |
CVE-2011-1168 |
79 |
|
XSS |
2011-04-18 |
2011-09-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. |
|
10 |
CVE-2010-3704 |
20 |
|
DoS Exec Code Mem. Corr. Bypass |
2010-11-05 |
2012-11-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. |
|
11 |
CVE-2010-3702 |
20 |
|
DoS |
2010-11-05 |
2012-11-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. |
|
12 |
CVE-2010-2575 |
119 |
|
DoS Exec Code Overflow |
2010-08-30 |
2010-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file. |
|
13 |
CVE-2010-1511 |
264 |
|
|
2010-05-17 |
2010-12-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. |
|
14 |
CVE-2010-1000 |
22 |
|
Dir. Trav. |
2010-05-17 |
2011-09-06 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. |
|
15 |
CVE-2010-0923 |
362 |
|
Bypass |
2010-03-03 |
2010-03-04 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes. |
|
16 |
CVE-2010-0436 |
362 |
|
+Priv |
2010-04-15 |
2010-08-21 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. |
|
17 |
CVE-2009-4035 |
94 |
|
Exec Code Overflow |
2009-12-21 |
2010-08-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. |
|
18 |
CVE-2009-2896 |
119 |
1
|
DoS Exec Code Overflow |
2009-08-20 |
2009-08-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information. |
|
19 |
CVE-2009-2702 |
310 |
|
|
2009-09-08 |
2012-01-18 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
|
20 |
CVE-2009-2537 |
399 |
1
|
DoS |
2009-07-20 |
2009-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. |
|
21 |
CVE-2008-5712 |
20 |
1
|
DoS |
2008-12-24 |
2009-02-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. |
|
22 |
CVE-2008-5698 |
399 |
1
|
DoS |
2008-12-22 |
2009-05-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. |
|
23 |
CVE-2008-4382 |
399 |
|
DoS |
2008-10-02 |
2008-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. |
|
24 |
CVE-2008-1671 |
16 |
|
DoS Exec Code |
2008-04-28 |
2009-02-21 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. |
|
25 |
CVE-2008-1670 |
119 |
|
DoS Exec Code Overflow |
2008-04-28 |
2008-11-15 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. |
|
26 |
CVE-2007-6591 |
|
|
|
2007-12-28 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. |
|
27 |
CVE-2007-6000 |
399 |
|
DoS |
2007-11-15 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. |
|
28 |
CVE-2007-5963 |
|
|
DoS |
2007-12-19 |
2009-01-31 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. |
|
29 |
CVE-2007-4941 |
399 |
|
DoS |
2007-09-18 |
2008-11-15 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values. |
|
30 |
CVE-2007-4569 |
264 |
|
Bypass |
2007-09-21 |
2010-08-21 |
6.8 |
Admin |
Local |
Low |
Single system |
Complete |
Complete |
Complete |
|
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. |
|
31 |
CVE-2007-4229 |
|
|
DoS |
2007-08-08 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
32 |
CVE-2007-4225 |
|
|
|
2007-08-08 |
2008-09-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. |
|
33 |
CVE-2007-4224 |
59 |
|
|
2007-08-08 |
2010-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. |
|
34 |
CVE-2007-3820 |
|
|
|
2007-07-16 |
2012-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. |
|
35 |
CVE-2007-3387 |
189 |
|
Exec Code Overflow |
2007-07-30 |
2010-12-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. |
|
36 |
CVE-2007-3143 |
|
|
|
2007-06-11 |
2008-11-15 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. |
|
37 |
CVE-2007-2164 |
|
|
DoS |
2007-04-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. |
|
38 |
CVE-2007-1565 |
|
|
DoS |
2007-03-21 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. |
|
39 |
CVE-2007-1564 |
|
|
+Info |
2007-03-21 |
2010-11-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. |
|
40 |
CVE-2007-1308 |
399 |
|
DoS |
2007-03-06 |
2010-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. |
|
41 |
CVE-2007-1265 |
|
|
|
2007-03-06 |
2008-11-15 |
7.8 |
None |
Remote |
Low |
Not required |
None |
Complete |
None |
|
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection. |
|
42 |
CVE-2007-0537 |
79 |
|
XSS Bypass |
2007-01-29 |
2011-10-11 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. |
|
43 |
CVE-2007-0104 |
20 |
|
DoS Exec Code Mem. Corr. |
2007-01-08 |
2011-07-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. |
|
44 |
CVE-2006-7139 |
20 |
|
DoS |
2007-03-07 |
2009-03-16 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. |
|
45 |
CVE-2006-6811 |
|
|
DoS Overflow |
2006-12-29 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow. |
|
46 |
CVE-2006-6660 |
|
|
DoS |
2006-12-20 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. |
|
47 |
CVE-2006-6297 |
399 |
|
DoS |
2006-12-05 |
2011-08-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion. |
|
48 |
CVE-2006-6120 |
|
|
Exec Code Overflow |
2006-12-03 |
2008-09-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow. |
|
49 |
CVE-2006-3742 |
|
|
|
2006-09-06 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times. |
|
50 |
CVE-2006-3672 |
|
|
DoS |
2006-07-18 |
2010-09-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. |
