Search CVE reports
1 – 6 of 6 results
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect...
2 affected packages
gnome-shell-extension-gsconnect, kdeconnect
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gnome-shell-extension-gsconnect | Needs evaluation | Needs evaluation | Needs evaluation | — |
| kdeconnect | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
1 affected package
kdeconnect
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdeconnect | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on...
1 affected package
kdeconnect
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdeconnect | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP.
1 affected package
kdeconnect
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdeconnect | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 1 of 3
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect...
2 affected packages
kdeconnect, gnome-shell-extension-gsconnect
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdeconnect | Not affected | Not affected | Not affected | Not affected |
| gnome-shell-extension-gsconnect | Not affected | Not affected | Not affected | — |
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.
1 affected package
kdeconnect
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kdeconnect | Vulnerable | Vulnerable | Vulnerable | Vulnerable |