Search Results (117 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0889 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2026-04-16 N/A
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVE-2002-1306 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.
CVE-1999-1096 1 Kde 1 Kde 2026-04-16 N/A
Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.
CVE-1999-1106 1 Kde 1 Kde 2026-04-16 N/A
Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument.
CVE-1999-1107 1 Kde 1 Kde 2026-04-16 N/A
Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.
CVE-2003-0459 2 Kde, Redhat 10 Konqueror, Konqueror Embedded, Analog Real-time Synthesizer and 7 more 2026-04-16 N/A
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
CVE-1999-1270 1 Kde 1 Kde 2026-04-16 N/A
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
CVE-2002-1223 2 Kde, Redhat 2 Kde, Linux 2026-04-16 N/A
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
CVE-2003-0690 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.
CVE-2003-0692 2 Kde, Redhat 3 Kde, Enterprise Linux, Linux 2026-04-16 N/A
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
CVE-2000-0371 1 Kde 1 Kde 2026-04-16 N/A
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
CVE-2000-0393 1 Kde 1 Kde 2026-04-16 N/A
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
CVE-2004-1125 4 Easy Software Products, Kde, Redhat and 1 more 4 Cups, Kde, Enterprise Linux and 1 more 2026-04-16 N/A
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
CVE-2004-1165 2 Kde, Redhat 3 Kdelibs, Konqueror, Enterprise Linux 2026-04-16 N/A
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
CVE-2004-1171 3 Kde, Mandrakesoft, Redhat 3 Kde, Mandrake Linux, Fedora Core 2026-04-16 N/A
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
CVE-2000-0460 1 Kde 1 Kde 2026-04-16 N/A
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
CVE-2000-0530 2 Caldera, Kde 2 Openlinux, Kde 2026-04-16 N/A
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
CVE-2004-0690 1 Kde 1 Kde 2026-04-16 N/A
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
CVE-2004-0746 5 Gentoo, Kde, Mandrakesoft and 2 more 6 Linux, Kde, Konqueror and 3 more 2026-04-16 N/A
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-1999-0780 3 Freebsd, Kde, Linux 3 Freebsd, Kde, Linux Kernel 2026-04-16 N/A
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.