Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Kde Subscribe
Filtered by product Plasma-workspace
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6791 2 Debian, Kde 2 Debian Linux, Plasma-workspace 2019-10-02 7.2 HIGH 6.8 MEDIUM
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
CVE-2018-6790 1 Kde 1 Plasma-workspace 2019-08-06 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.
CVE-2016-2312 3 Fedoraproject, Kde, Opensuse 4 Fedora, Kscreenlocker, Plasma-workspace and 1 more 2018-10-30 4.6 MEDIUM 6.8 MEDIUM
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.
CVE-2015-1307 1 Kde 1 Plasma-workspace 2015-01-26 4.3 MEDIUM N/A
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.
CVE-2015-1308 1 Kde 2 Kde-workspace, Plasma-workspace 2015-01-26 4.3 MEDIUM N/A
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.