Kde Kde

Do you want an email whenever new security vulnerabilities are reported in Kde?

By the Year

In 2024 there have been 0 vulnerabilities in Kde . Kde did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 8.80
2019 0 0.00
2018 0 0.00

It may take a day or so for new Kde vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Kde Security Vulnerabilities

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3

CVE-2012-4512 8.8 - High - February 08, 2020

The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."

Object Type Confusion

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could

CVE-2005-1920 7.5 - High - July 26, 2005

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

Improper Preservation of Permissions

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher

CVE-2004-1491 - December 31, 2004

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could

CVE-2004-0689 7.1 - High - September 28, 2004

KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.

insecure temporary file

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which

CVE-2002-0862 - October 04, 2002

The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS.

Improper Certificate Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows 98 or by Kde? Click the Watch button to subscribe.

Kde
Vendor

Kde
Product

subscribe