Filtered by vendor Kde
Subscriptions
Filtered by product Kde
Subscriptions
Total
75 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1671 | 1 Kde | 1 Kde | 2026-04-23 | N/A |
| start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. | ||||
| CVE-2007-4569 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2026-04-23 | N/A |
| backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. | ||||
| CVE-2008-1670 | 1 Kde | 1 Kde | 2026-04-23 | N/A |
| Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. | ||||
| CVE-2008-5698 | 1 Kde | 2 Kde, Konqueror | 2026-04-23 | N/A |
| HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2007-0104 | 2 Kde, Xpdf | 2 Kde, Xpdf | 2026-04-23 | N/A |
| The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||||
| CVE-2006-7139 | 1 Kde | 2 K-mail, Kde | 2026-04-23 | N/A |
| Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid free or delete operations. | ||||
| CVE-2007-5963 | 1 Kde | 1 Kde | 2026-04-23 | N/A |
| Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. | ||||
| CVE-2005-0206 | 15 Ascii, Cstex, Debian and 12 more | 22 Ptex, Cstetex, Debian Linux and 19 more | 2026-04-16 | N/A |
| The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | ||||
| CVE-2004-0690 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. | ||||
| CVE-2000-0393 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. | ||||
| CVE-2002-1152 | 2 Kde, Redhat | 2 Kde, Linux | 2026-04-16 | N/A |
| Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. | ||||
| CVE-2004-0746 | 5 Gentoo, Kde, Mandrakesoft and 2 more | 6 Linux, Kde, Konqueror and 3 more | 2026-04-16 | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-1999-1096 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable. | ||||
| CVE-1999-1106 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. | ||||
| CVE-2003-0204 | 2 Kde, Redhat | 3 Kde, Enterprise Linux, Linux | 2026-04-16 | N/A |
| KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. | ||||
| CVE-2005-0365 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2026-04-16 | N/A |
| The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2005-0205 | 3 Bernd Wuebben, Kde, Redhat | 3 Kppp, Kde, Enterprise Linux | 2026-04-16 | N/A |
| KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. | ||||
| CVE-2002-2333 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. | ||||
| CVE-1999-1268 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. | ||||
| CVE-2002-0970 | 2 Kde, Redhat | 4 Kde, Konqueror, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. | ||||