Search criteria
12 vulnerabilities by KDE
CVE-2025-69412 (GCVE-0-2025-69412)
Vulnerability from cvelistv5 – Published: 2025-12-31 23:20 – Updated: 2026-01-02 13:45
VLAI?
Summary
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
Severity ?
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDE | messagelib |
Affected:
0 , < 25.11.90
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-69412",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-02T13:44:55.428456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-02T13:45:18.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "messagelib",
"vendor": "KDE",
"versions": [
{
"lessThan": "25.11.90",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:messagelib:*:*:*:*:*:*:*:*",
"versionEndExcluding": "25.11.90",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-31T23:36:14.430Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/KDE/messagelib/compare/v25.11.80...v25.11.90"
},
{
"url": "https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3"
},
{
"url": "https://developers.google.com/safe-browsing/v4"
},
{
"url": "https://developers.google.com/safe-browsing/v4/lookup-api"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-69412",
"datePublished": "2025-12-31T23:20:55.785Z",
"dateReserved": "2025-12-31T23:20:55.535Z",
"dateUpdated": "2026-01-02T13:45:18.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32901 (GCVE-0-2025-32901)
Vulnerability from cvelistv5 – Published: 2025-12-05 00:00 – Updated: 2025-12-05 14:33
VLAI?
Summary
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
Severity ?
4.3 (Medium)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDE | KDEConnect |
Affected:
0 , < 1.33.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T14:33:45.752580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:33:55.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KDEConnect",
"vendor": "KDE",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:kdeconnect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.33.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:12:40.025Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kdeconnect.kde.org"
},
{
"url": "https://kde.org/info/security/advisory-20250418-4.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32901",
"datePublished": "2025-12-05T00:00:00.000Z",
"dateReserved": "2025-04-14T00:00:00.000Z",
"dateUpdated": "2025-12-05T14:33:55.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32900 (GCVE-0-2025-32900)
Vulnerability from cvelistv5 – Published: 2025-12-05 00:00 – Updated: 2025-12-05 14:14
VLAI?
Summary
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
Severity ?
4.3 (Medium)
CWE
- CWE-348 - Use of Less Trusted Source
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDE | KDE Connect information-exchange protocol |
Affected:
0 , < 2025-04-18
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T14:14:09.804243Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:14:16.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KDE Connect information-exchange protocol",
"vendor": "KDE",
"versions": [
{
"lessThan": "2025-04-18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-348",
"description": "CWE-348 Use of Less Trusted Source",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:34:03.875Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kdeconnect.kde.org"
},
{
"url": "https://kde.org/info/security/advisory-20250418-2.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32900",
"datePublished": "2025-12-05T00:00:00.000Z",
"dateReserved": "2025-04-14T00:00:00.000Z",
"dateUpdated": "2025-12-05T14:14:16.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66270 (GCVE-0-2025-66270)
Vulnerability from cvelistv5 – Published: 2025-12-05 00:00 – Updated: 2025-12-05 17:26
VLAI?
Summary
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49.
Severity ?
4.7 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDE | KDE Connect protocol |
Affected:
8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66270",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T17:21:15.449208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T17:26:40.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KDE Connect protocol",
"vendor": "KDE",
"versions": [
{
"status": "affected",
"version": "8",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290 Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:25:41.584Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://invent.kde.org/network/kdeconnect-kde/-/commit/4e53bcdd5d4c28bd9fefd114b807ce35d7b3373e"
},
{
"url": "https://invent.kde.org/network/kdeconnect-android/-/commit/675d2d24a1eb95d15d9e5bde2b7e2271d5ada6a9"
},
{
"url": "https://invent.kde.org/network/kdeconnect-ios/-/commit/6c003c22d04270cabc4b262d399c753d55cf9080"
},
{
"url": "https://github.com/GSConnect/gnome-shell-extension-gsconnect/commit/a38246deec0af50ae218cdc51db32cdd7eb145e3"
},
{
"url": "https://github.com/andyholmes/valent/commit/85f773124a67ed1add79e7465bb088ec667cccce"
},
{
"url": "https://kde.org/info/security/advisory-20251128-1.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-66270",
"datePublished": "2025-12-05T00:00:00.000Z",
"dateReserved": "2025-11-26T00:00:00.000Z",
"dateUpdated": "2025-12-05T17:26:40.066Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32899 (GCVE-0-2025-32899)
Vulnerability from cvelistv5 – Published: 2025-12-05 00:00 – Updated: 2025-12-05 14:34
VLAI?
Summary
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP.
Severity ?
4.3 (Medium)
CWE
- CWE-1250 - Improper Preservation of Consistency Between Independent Representations of Shared State
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDE | KDEConnect |
Affected:
0 , < 1.33.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T14:34:37.226563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:34:45.440Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KDEConnect",
"vendor": "KDE",
"versions": [
{
"lessThan": "1.33.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:kdeconnect:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.33.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1250",
"description": "CWE-1250 Improper Preservation of Consistency Between Independent Representations of Shared State",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T04:45:51.898Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kdeconnect.kde.org"
},
{
"url": "https://kde.org/info/security/advisory-20250418-1.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32899",
"datePublished": "2025-12-05T00:00:00.000Z",
"dateReserved": "2025-04-14T00:00:00.000Z",
"dateUpdated": "2025-12-05T14:34:45.440Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32898 (GCVE-0-2025-32898)
Vulnerability from cvelistv5 – Published: 2025-12-05 00:00 – Updated: 2025-12-05 14:40
VLAI?
Summary
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59.
Severity ?
4.7 (Medium)
CWE
- CWE-331 - Insufficient Entropy
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDE | KDE Connect verification-code protocol |
Affected:
0 , < 2025-04-18
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-05T14:40:10.477197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T14:40:16.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KDE Connect verification-code protocol",
"vendor": "KDE",
"versions": [
{
"lessThan": "2025-04-18",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 59."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T04:30:35.365Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://kdeconnect.kde.org"
},
{
"url": "https://kde.org/info/security/advisory-20250418-3.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32898",
"datePublished": "2025-12-05T00:00:00.000Z",
"dateReserved": "2025-04-14T00:00:00.000Z",
"dateUpdated": "2025-12-05T14:40:16.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59820 (GCVE-0-2025-59820)
Vulnerability from cvelistv5 – Published: 2025-11-26 00:00 – Updated: 2025-12-06 02:32
VLAI?
Summary
In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative.
Severity ?
6.7 (Medium)
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59820",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T16:35:03.207483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T16:35:11.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-12-06T02:32:10.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/12/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Krita",
"vendor": "KDE",
"versions": [
{
"lessThan": "5.2.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284 Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T05:56:02.180Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://invent.kde.org/graphics/krita/"
},
{
"url": "https://kde.org/info/security/advisory-20250929-1.txt"
},
{
"url": "https://invent.kde.org/graphics/krita/-/commit/6d3651ac4df88efb68e013d21061de9846e83fe8"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59820",
"datePublished": "2025-11-26T00:00:00.000Z",
"dateReserved": "2025-09-22T00:00:00.000Z",
"dateUpdated": "2025-12-06T02:32:10.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-55174 (GCVE-0-2025-55174)
Vulnerability from cvelistv5 – Published: 2025-11-26 00:00 – Updated: 2025-11-26 16:15
VLAI?
Summary
In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly.
Severity ?
CWE
- CWE-684 - Incorrect Provision of Specified Functionality
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-55174",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T16:15:50.995809Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T16:15:56.349Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Skanpage",
"vendor": "KDE",
"versions": [
{
"lessThan": "25.08.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In KDE Skanpage before 25.08.0, an attempt at file overwrite can result in the contents of the new file at the beginning followed by the partial contents of the old file at the end, because of use of QIODevice::ReadWrite instead of QODevice::WriteOnly."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-684",
"description": "CWE-684 Incorrect Provision of Specified Functionality",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T05:35:15.255Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/KDE/skanpage/tags"
},
{
"url": "https://invent.kde.org/utilities/skanpage/-/commit/de3ad2941054a26920e022dc7c4a3dc16c065b5a"
},
{
"url": "https://kde.org/info/security/advisory-20250811-1.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-55174",
"datePublished": "2025-11-26T00:00:00.000Z",
"dateReserved": "2025-08-08T00:00:00.000Z",
"dateUpdated": "2025-11-26T16:15:56.349Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-49091 (GCVE-0-2025-49091)
Vulnerability from cvelistv5 – Published: 2025-06-11 00:00 – Updated: 2025-06-18 00:12
VLAI?
Summary
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
Severity ?
8.2 (High)
CWE
- CWE-670 - Always-Incorrect Control Flow Implementation
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-49091",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:39:14.341137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:40:13.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-06-18T00:12:14.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Konsole",
"vendor": "KDE",
"versions": [
{
"lessThan": "25.04.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-670",
"description": "CWE-670 Always-Incorrect Control Flow Implementation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T00:32:09.368Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://invent.kde.org/utilities/konsole/-/tags"
},
{
"url": "https://konsole.kde.org/changelog.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/10/5"
},
{
"url": "https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75"
},
{
"url": "https://kde.org/info/security/advisory-20250609-1.txt"
},
{
"url": "https://proofnet.de/publikationen/konsole_rce.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-49091",
"datePublished": "2025-06-11T00:00:00.000Z",
"dateReserved": "2025-05-31T00:00:00.000Z",
"dateUpdated": "2025-06-18T00:12:14.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-57966 (GCVE-0-2024-57966)
Vulnerability from cvelistv5 – Published: 2025-02-03 00:00 – Updated: 2025-02-09 05:02
VLAI?
Summary
libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive.
Severity ?
5 (Medium)
CWE
- CWE-36 - Absolute Path Traversal
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-57966",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T17:02:25.845031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T17:02:38.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-02-09T05:02:36.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ark",
"vendor": "KDE",
"versions": [
{
"lessThan": "24.12.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-36",
"description": "CWE-36 Absolute Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T04:18:53.872Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/KDE/ark/commit/fe518d81b338941e0bf1c5ce5e75a9ab6de4bb58"
},
{
"url": "https://github.com/KDE/ark/compare/v24.11.90...v24.12.0"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57966",
"datePublished": "2025-02-03T00:00:00.000Z",
"dateReserved": "2025-02-03T00:00:00.000Z",
"dateUpdated": "2025-02-09T05:02:36.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1433 (GCVE-0-2024-1433)
Vulnerability from cvelistv5 – Published: 2024-02-11 23:00 – Updated: 2025-04-24 15:44
VLAI?
Title
KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal
Summary
A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.
Severity ?
CWE
- CWE-22 - Path Traversal
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KDE | Plasma Workspace |
Affected:
5.0
Affected: 5.1 Affected: 5.2 Affected: 5.3 Affected: 5.4 Affected: 5.5 Affected: 5.6 Affected: 5.7 Affected: 5.8 Affected: 5.9 Affected: 5.10 Affected: 5.11 Affected: 5.12 Affected: 5.13 Affected: 5.14 Affected: 5.15 Affected: 5.16 Affected: 5.17 Affected: 5.18 Affected: 5.19 Affected: 5.20 Affected: 5.21 Affected: 5.22 Affected: 5.23 Affected: 5.24 Affected: 5.25 Affected: 5.26 Affected: 5.27 Affected: 5.28 Affected: 5.29 Affected: 5.30 Affected: 5.31 Affected: 5.32 Affected: 5.33 Affected: 5.34 Affected: 5.35 Affected: 5.36 Affected: 5.37 Affected: 5.38 Affected: 5.39 Affected: 5.40 Affected: 5.41 Affected: 5.42 Affected: 5.43 Affected: 5.44 Affected: 5.45 Affected: 5.46 Affected: 5.47 Affected: 5.48 Affected: 5.49 Affected: 5.50 Affected: 5.51 Affected: 5.52 Affected: 5.53 Affected: 5.54 Affected: 5.55 Affected: 5.56 Affected: 5.57 Affected: 5.58 Affected: 5.59 Affected: 5.60 Affected: 5.61 Affected: 5.62 Affected: 5.63 Affected: 5.64 Affected: 5.65 Affected: 5.66 Affected: 5.67 Affected: 5.68 Affected: 5.69 Affected: 5.70 Affected: 5.71 Affected: 5.72 Affected: 5.73 Affected: 5.74 Affected: 5.75 Affected: 5.76 Affected: 5.77 Affected: 5.78 Affected: 5.79 Affected: 5.80 Affected: 5.81 Affected: 5.82 Affected: 5.83 Affected: 5.84 Affected: 5.85 Affected: 5.86 Affected: 5.87 Affected: 5.88 Affected: 5.89 Affected: 5.90 Affected: 5.91 Affected: 5.92 Affected: 5.93 |
Credits
VulDB GitHub Commit Analyzer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1433",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-13T15:38:55.464865Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T15:44:57.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:40:21.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.253407"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.253407"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Theme File Handler"
],
"product": "Plasma Workspace",
"vendor": "KDE",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"status": "affected",
"version": "5.1"
},
{
"status": "affected",
"version": "5.2"
},
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.4"
},
{
"status": "affected",
"version": "5.5"
},
{
"status": "affected",
"version": "5.6"
},
{
"status": "affected",
"version": "5.7"
},
{
"status": "affected",
"version": "5.8"
},
{
"status": "affected",
"version": "5.9"
},
{
"status": "affected",
"version": "5.10"
},
{
"status": "affected",
"version": "5.11"
},
{
"status": "affected",
"version": "5.12"
},
{
"status": "affected",
"version": "5.13"
},
{
"status": "affected",
"version": "5.14"
},
{
"status": "affected",
"version": "5.15"
},
{
"status": "affected",
"version": "5.16"
},
{
"status": "affected",
"version": "5.17"
},
{
"status": "affected",
"version": "5.18"
},
{
"status": "affected",
"version": "5.19"
},
{
"status": "affected",
"version": "5.20"
},
{
"status": "affected",
"version": "5.21"
},
{
"status": "affected",
"version": "5.22"
},
{
"status": "affected",
"version": "5.23"
},
{
"status": "affected",
"version": "5.24"
},
{
"status": "affected",
"version": "5.25"
},
{
"status": "affected",
"version": "5.26"
},
{
"status": "affected",
"version": "5.27"
},
{
"status": "affected",
"version": "5.28"
},
{
"status": "affected",
"version": "5.29"
},
{
"status": "affected",
"version": "5.30"
},
{
"status": "affected",
"version": "5.31"
},
{
"status": "affected",
"version": "5.32"
},
{
"status": "affected",
"version": "5.33"
},
{
"status": "affected",
"version": "5.34"
},
{
"status": "affected",
"version": "5.35"
},
{
"status": "affected",
"version": "5.36"
},
{
"status": "affected",
"version": "5.37"
},
{
"status": "affected",
"version": "5.38"
},
{
"status": "affected",
"version": "5.39"
},
{
"status": "affected",
"version": "5.40"
},
{
"status": "affected",
"version": "5.41"
},
{
"status": "affected",
"version": "5.42"
},
{
"status": "affected",
"version": "5.43"
},
{
"status": "affected",
"version": "5.44"
},
{
"status": "affected",
"version": "5.45"
},
{
"status": "affected",
"version": "5.46"
},
{
"status": "affected",
"version": "5.47"
},
{
"status": "affected",
"version": "5.48"
},
{
"status": "affected",
"version": "5.49"
},
{
"status": "affected",
"version": "5.50"
},
{
"status": "affected",
"version": "5.51"
},
{
"status": "affected",
"version": "5.52"
},
{
"status": "affected",
"version": "5.53"
},
{
"status": "affected",
"version": "5.54"
},
{
"status": "affected",
"version": "5.55"
},
{
"status": "affected",
"version": "5.56"
},
{
"status": "affected",
"version": "5.57"
},
{
"status": "affected",
"version": "5.58"
},
{
"status": "affected",
"version": "5.59"
},
{
"status": "affected",
"version": "5.60"
},
{
"status": "affected",
"version": "5.61"
},
{
"status": "affected",
"version": "5.62"
},
{
"status": "affected",
"version": "5.63"
},
{
"status": "affected",
"version": "5.64"
},
{
"status": "affected",
"version": "5.65"
},
{
"status": "affected",
"version": "5.66"
},
{
"status": "affected",
"version": "5.67"
},
{
"status": "affected",
"version": "5.68"
},
{
"status": "affected",
"version": "5.69"
},
{
"status": "affected",
"version": "5.70"
},
{
"status": "affected",
"version": "5.71"
},
{
"status": "affected",
"version": "5.72"
},
{
"status": "affected",
"version": "5.73"
},
{
"status": "affected",
"version": "5.74"
},
{
"status": "affected",
"version": "5.75"
},
{
"status": "affected",
"version": "5.76"
},
{
"status": "affected",
"version": "5.77"
},
{
"status": "affected",
"version": "5.78"
},
{
"status": "affected",
"version": "5.79"
},
{
"status": "affected",
"version": "5.80"
},
{
"status": "affected",
"version": "5.81"
},
{
"status": "affected",
"version": "5.82"
},
{
"status": "affected",
"version": "5.83"
},
{
"status": "affected",
"version": "5.84"
},
{
"status": "affected",
"version": "5.85"
},
{
"status": "affected",
"version": "5.86"
},
{
"status": "affected",
"version": "5.87"
},
{
"status": "affected",
"version": "5.88"
},
{
"status": "affected",
"version": "5.89"
},
{
"status": "affected",
"version": "5.90"
},
{
"status": "affected",
"version": "5.91"
},
{
"status": "affected",
"version": "5.92"
},
{
"status": "affected",
"version": "5.93"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "VulDB GitHub Commit Analyzer"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user\u0027s home or the installation of third party global themes."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in KDE Plasma Workspace bis 5.93.0 gefunden. Es geht dabei um die Funktion EventPluginsManager::enabledPlugins der Datei components/calendar/eventpluginsmanager.cpp der Komponente Theme File Handler. Dank der Manipulation des Arguments pluginId mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig auszunutzen. Der Patch wird als 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-11T23:00:07.443Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.253407"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.253407"
},
{
"tags": [
"patch"
],
"url": "https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-02-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-02-11T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-02-11T09:54:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "KDE Plasma Workspace Theme File eventpluginsmanager.cpp enabledPlugins path traversal"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-1433",
"datePublished": "2024-02-11T23:00:07.443Z",
"dateReserved": "2024-02-11T08:48:58.569Z",
"dateUpdated": "2025-04-24T15:44:57.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4512 (GCVE-0-2012-4512)
Vulnerability from cvelistv5 – Published: 2020-02-08 18:09 – Updated: 2024-08-06 20:35
VLAI?
Summary
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
Severity ?
No CVSS data available.
CWE
- Other
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:35:09.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/11"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/30/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://quickgit.kde.org/index.php?p=kdelibs.git\u0026a=commitdiff\u0026h=a872c8a969a8bd3706253d6ba24088e4f07f3352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/advisories/51097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/advisories/51145"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Konqueror",
"vendor": "KDE",
"versions": [
{
"status": "affected",
"version": "4.7.3"
}
]
}
],
"datePublic": "2012-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to \"type confusion.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-08T18:09:56.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/11"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/10/30/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://quickgit.kde.org/index.php?p=kdelibs.git\u0026a=commitdiff\u0026h=a872c8a969a8bd3706253d6ba24088e4f07f3352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1416.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1418.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securitytracker.com/id?1027709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/advisories/51097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/advisories/51145"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-4512",
"datePublished": "2020-02-08T18:09:56.000Z",
"dateReserved": "2012-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:35:09.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}