KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename during an editing session. Thus, someone watching it be created the first time could potentially intercept the file the following time, enabling that person to run unauthorized commands.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-02-26
Updated
2022-03-08
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-02-11
Updated
2024-01-15
libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs (that are neither https:// nor http://) based on the content of the store.kde.org web site. (5.18.7 is also a fixed version.)
Max CVSS
7.5
EPSS Score
0.10%
Published
2021-03-20
Updated
2023-12-28
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning-related commands, while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.
Max CVSS
7.8
EPSS Score
0.04%
Published
2020-10-26
Updated
2022-04-28
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
Max CVSS
7.8
EPSS Score
0.30%
Published
2019-08-07
Updated
2023-02-28
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
Max CVSS
7.5
EPSS Score
0.18%
Published
2018-11-29
Updated
2019-01-31
kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-05-08
Updated
2018-06-12
An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure handling of temporary files in the KTextEditor's kauth_ktexteditor_helper service (as utilized in the Kate text editor) can allow other unprivileged users on the local system to gain root privileges. The attack occurs when one user (who has an unprivileged account but is also able to authenticate as root) writes a text file using Kate into a directory owned by another unprivileged user. The latter unprivileged user conducts a symlink attack to achieve privilege escalation.
Max CVSS
7.8
EPSS Score
0.05%
Published
2018-04-25
Updated
2019-10-03
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
Max CVSS
7.2
EPSS Score
0.17%
Published
2018-02-07
Updated
2019-10-03
KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
7.5
EPSS Score
0.18%
Published
2017-06-13
Updated
2019-10-03
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
Max CVSS
7.8
EPSS Score
0.04%
Published
2017-05-17
Updated
2019-10-03
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.
Max CVSS
7.8
EPSS Score
1.65%
Published
2017-03-27
Updated
2017-03-31
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.
Max CVSS
7.5
EPSS Score
0.07%
Published
2016-12-23
Updated
2016-12-27
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality, although it is possible to include an HTML comment indicator to hide content.
Max CVSS
7.5
EPSS Score
0.81%
Published
2016-12-23
Updated
2016-12-27
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
Max CVSS
7.5
EPSS Score
1.44%
Published
2016-08-02
Updated
2016-11-28
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
Max CVSS
7.0
EPSS Score
0.04%
Published
2017-07-25
Updated
2017-07-31
The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.
Max CVSS
7.2
EPSS Score
0.04%
Published
2014-12-06
Updated
2016-12-07
kde-workspace before 4.10.5 has a memory leak in plasma desktop.
Max CVSS
7.8
EPSS Score
0.81%
Published
2019-12-10
Updated
2019-12-17
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Max CVSS
7.5
EPSS Score
10.16%
Published
2012-08-20
Updated
2023-02-13
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Max CVSS
7.5
EPSS Score
0.08%
Published
2009-09-08
Updated
2012-01-19
KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a .avi file with certain large "indx truck size" and nEntriesInuse values.
Max CVSS
7.1
EPSS Score
2.51%
Published
2007-09-18
Updated
2018-10-15
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
Max CVSS
7.8
EPSS Score
0.16%
Published
2007-03-21
Updated
2008-09-05
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Max CVSS
7.8
EPSS Score
5.62%
Published
2007-03-06
Updated
2018-10-16
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Max CVSS
7.8
EPSS Score
0.06%
Published
2006-06-15
Updated
2024-01-21
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
Max CVSS
7.5
EPSS Score
17.27%
Published
2006-01-20
Updated
2018-10-19
67 vulnerabilities found