CVE-2025-32898
- EPSS 0.01%
- Veröffentlicht 05.12.2025 00:00:00
- Zuletzt bearbeitet 08.12.2025 18:27:15
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valen...
CVE-2025-32899
- EPSS 0.02%
- Veröffentlicht 05.12.2025 00:00:00
- Zuletzt bearbeitet 08.12.2025 18:27:15
In KDE Connect before 1.33.0 on Android, a packet can be crafted that causes two paired devices to unpair. Specifically, it is an invalid discovery packet sent over broadcast UDP.
CVE-2025-32901
- EPSS 0.03%
- Veröffentlicht 05.12.2025 00:00:00
- Zuletzt bearbeitet 08.12.2025 18:27:15
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
CVE-2025-32900
- EPSS 0.01%
- Veröffentlicht 05.12.2025 00:00:00
- Zuletzt bearbeitet 08.12.2025 18:27:15
In the KDE Connect information-exchange protocol before 2025-04-18, a packet can be crafted to temporarily change the displayed information about a device, because broadcast UDP is used. This affects KDE Connect before 1.33.0 on Android, KDE Connect ...
CVE-2020-26164
- EPSS 0.1%
- Veröffentlicht 07.10.2020 19:15:12
- Zuletzt bearbeitet 21.11.2024 05:19:25
In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.