2 matches found
CVE-2022-23853
The CVE affects KDE Kate before 21.12.2 and KTextEditor before 5.91.0, where the LSP plugin may execute an LSP server binary when opening a file. If the binary is not on PATH, the code may fall back to the binary in the file’s directory due to a misused QProcess API, enabling an untrusted directo...
CVE-2018-10361
CVE-2018-10361 affects KTextEditor 5.34.0 through 5.45.0 (used by Kate). Insecure handling of temporary files in the kauth_ktexteditor_helper service can let an unprivileged local user gain root privileges via a symlink attack when writing a file into another user’s directory. Impact is local pri...