
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

12 Mar 2020 — messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. • https://cgit.kde.org/messagelib.git/commit/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp?id=34765909cdf8e55402a8567b48fb288839c61612 • CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 4% | CPEs: 2 | EXPL: 1

10 Dec 2019 — kde-workspace before 4.10.5 has a memory leak in plasma desktop. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html • CWE-404: Improper Resource Shutdown or Release

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Nov 2018 — The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address. • https://bugzilla.redhat.com/show_bug.cgi?id=1649420 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

13 Jun 2017 — KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in KDE Applications before 17.04.2, do not ensure that a plugin's sign/encrypt action occurs during use of the Send Later feature, which allows remote attackers to obtain sensitive information by sniffing the network. • https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8 • CWE-311: Missing Encryption of Sensitive Data

CVSS: 4.9 | EPSS: 0% | CPEs: 3 | EXPL: 0

23 Dec 2016 — A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00031.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.4 | EPSS: 0% | CPEs: 3 | EXPL: 0

13 Jul 2016 — kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

26 Jan 2015 — kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allow remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. • http://secunia.com/advisories/62051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

18 Jan 2015 — kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack. Kwalletd password stores are vuln... • http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis • CWE-310: Cryptographic Issues

CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 3

19 Nov 2014 — Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is no... • https://packetstorm.news/files/id/129173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

11 Nov 2014 — The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. David Edmundson discovered that the KDE Clock KCM policykit helper did not properly guard against untrusted ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html • CWE-264: Permissions, Privileges, and Access Controls