Known Vulnerabilities for products from Kde
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Kde".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-24986 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-02-26 | 2023-08-08 |
| CVE-2022-23853 | The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the assoc... | 7.8 - HIGH | 2022-02-11 | 2024-01-15 |
| CVE-2021-38373 | In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored (and cleartext messages are sent) unless "Server r... | 5.3 - MEDIUM | 2021-08-10 | 2021-08-20 |
| CVE-2021-38372 | In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are acc... | 3.7 - LOW | 2021-08-10 | 2021-08-20 |
| CVE-2021-36083 | KDE KImageFormats 5.70.0 through 5.81.0 has a stack-based buffer overflow in XCFImageFormat::loadTileRLE. | 5.5 - MEDIUM | 2021-07-01 | 2021-07-08 |
| CVE-2021-31855 | KDE Messagelib through 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypt... | 6.5 - MEDIUM | 2021-06-02 | 2023-11-08 |
| CVE-2021-28117 | libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dang... | 7.5 - HIGH | 2021-03-20 | 2023-12-28 |
| CVE-2020-27187 | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw... | 7.8 - HIGH | 2020-10-26 | 2022-04-28 |
| CVE-2020-26164 | In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger ... | 5.5 - MEDIUM | 2020-10-07 | 2023-01-31 |
| CVE-2020-24654 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonst... | 3.3 - LOW | 2020-09-02 | 2023-11-07 |
| CVE-2020-16116 | In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../... | 3.3 - LOW | 2020-08-03 | 2023-11-07 |
| CVE-2020-15954 | KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communication during times when the UI indicates that encryption i... | 6.5 - MEDIUM | 2020-07-27 | 2020-07-30 |
| CVE-2020-13152 | A remote user can create a specially crafted M3U file, media playlist file that when loaded by the target user, will trigger ... | 5.5 - MEDIUM | 2020-05-20 | 2022-04-28 |
| CVE-2020-12755 | fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if... | 3.3 - LOW | 2020-05-09 | 2021-07-21 |
| CVE-2020-11880 | An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a ... | 6.5 - MEDIUM | 2020-04-17 | 2020-04-29 |
| CVE-2020-9359 | KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | 5.3 - MEDIUM | 2020-03-24 | 2023-11-07 |
| CVE-2019-14744 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal ... | 7.8 - HIGH | 2019-08-07 | 2023-11-07 |
| CVE-2019-10732 | In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted m... | 4.3 - MEDIUM | 2019-04-07 | 2022-04-05 |
| CVE-2019-7443 | KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelp... | 8.1 - HIGH | 2019-05-07 | 2023-11-07 |
| CVE-2018-1000801 | okular version 18.08 and earlier contains a Directory Traversal vulnerability in function "unpackDocumentArchive(...)" in "co... | 5.5 - MEDIUM | 2018-09-06 | 2019-03-20 |
Known software with vulnerabilities from Kde
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Kde | Amarok | 2.8.0 |
| Application | Kde | Ark | 2.6 |
| Application | Kde | Discover | 5.4.95 |
| Application | Kde | Karchives | 5.24 |
| Application | Kde | Kauth | 4.95.0 |
| Application | Kde | Kconfig | - |
| Application | Kde | Kde | 4.7.3 |
| Application | Kde | Kde Applications | 14.11.3 |
| Application | Kde | Kde Frameworks | 5.22.0 |
| Application | Kde | Kde Sc | 2.2.0 |
| Application | Kde | Kdeconnect | 0.1 |
| Application | Kde | Kdelibs | 3.5.10 |
| Application | Kde | Kde-workspace | 4.2.0 |
| Application | Kde | Kio-extras | - |
| Application | Kde | Kmail | 4.4.0 |
| Application | Kde | Koffice | 1.2 |
| Application | Kde | Kscreenlocker | 5.5.4 |
| Application | Kde | Ktexteditor | 4.99.0 |
| Application | Kde | Okular | 1.8 |
| Application | Kde | Partition Manager | 1.0.0 |