Known Vulnerabilities for products from KDE
Listed below are 20 of the newest known vulnerabilities associated with the vendor "KDE".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24986 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-02-26 | 2023-08-08 |
| CVE-2022-23853 | The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the assoc... | 7.8 - HIGH | 2022-02-11 | 2024-01-15 |
| CVE-2021-38373 | In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server r... | 5.3 - MEDIUM | 2021-08-10 | 2021-08-20 |
| CVE-2021-38372 | In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are acc... | 3.7 - LOW | 2021-08-10 | 2021-08-20 |
| CVE-2021-36083 | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | 5.5 - MEDIUM | 2021-07-01 | 2021-07-08 |
| CVE-2021-31855 | KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypt... | 6.5 - MEDIUM | 2021-06-02 | 2023-11-08 |
| CVE-2021-28117 | libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dang... | 7.5 - HIGH | 2021-03-20 | 2023-12-28 |
| CVE-2020-27187 | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw... | 7.8 - HIGH | 2020-10-26 | 2022-04-28 |
| CVE-2020-26164 | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger ... | 5.5 - MEDIUM | 2020-10-07 | 2023-01-31 |
| CVE-2020-24654 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonst... | 3.3 - LOW | 2020-09-02 | 2023-11-07 |
| CVE-2020-16116 | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../... | 3.3 - LOW | 2020-08-03 | 2023-11-07 |
| CVE-2020-15954 | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption i... | 6.5 - MEDIUM | 2020-07-27 | 2020-07-30 |
| CVE-2020-13152 | A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger ... | 5.5 - MEDIUM | 2020-05-20 | 2022-04-28 |
| CVE-2020-12755 | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if... | 3.3 - LOW | 2020-05-09 | 2021-07-21 |
| CVE-2020-11880 | An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a ... | 6.5 - MEDIUM | 2020-04-17 | 2020-04-29 |
| CVE-2020-9359 | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | 5.3 - MEDIUM | 2020-03-24 | 2023-11-07 |
| CVE-2019-14744 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal ... | 7.8 - HIGH | 2019-08-07 | 2023-11-07 |
| CVE-2019-10732 | In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted m... | 4.3 - MEDIUM | 2019-04-07 | 2022-04-05 |
| CVE-2019-7443 | KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelp... | 8.1 - HIGH | 2019-05-07 | 2023-11-07 |
| CVE-2018-1000801 | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "co... | 5.5 - MEDIUM | 2018-09-06 | 2019-03-20 |
Known software with vulnerabilities from KDE
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kde | Amarok | 2.8.0 |
| Application | Kde | Ark | 16.12.0 |
| Application | Kde | Discover | 5.10.0 |
| Application | Kde | Karchives | 5.24 |
| Application | Kde | Kauth | 4.100.0 |
| Application | Kde | Kconfig | - |
| Application | Kde | Kde | 4.7.3 |
| Application | Kde | Kde-workspace | 4.10.5 |
| Application | Kde | Kdeconnect | 0.1 |
| Application | Kde | Kdelibs | 3.5.10 |
| Application | Kde | Kde Applications | 14.11.3 |
| Application | Kde | Kde Frameworks | 5.22.0 |
| Application | Kde | Kde Sc | 2.2.0 |
| Application | Kde | Kio-extras | - |
| Application | Kde | Kmail | 16.11.80 |
| Application | Kde | Koffice | 1.2 |
| Application | Kde | Kscreenlocker | 5.5.4 |
| Application | Kde | Ktexteditor | 4.100.0 |
| Application | Kde | Okular | 1.10.0 |
| Application | Kde | Partition Manager | 1.0.0 |