The K Desktop Environment (KDE) (aka) kdelibs is vulnerable to remote code execution. It is due to malicious desktop files and configuration files leading to code execution with minimal user interaction.
lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html
lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html
packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html
access.redhat.com/errata/RHSA-2019:2606
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1740042
gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt
lists.debian.org/debian-lts-announce/2019/08/msg00023.html
lists.fedoraproject.org/archives/list/[email protected]/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/
lists.fedoraproject.org/archives/list/[email protected]/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/
lists.fedoraproject.org/archives/list/[email protected]/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/
lists.fedoraproject.org/archives/list/[email protected]/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/
lists.fedoraproject.org/archives/list/[email protected]/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/
seclists.org/bugtraq/2019/Aug/12
seclists.org/bugtraq/2019/Aug/9
security.gentoo.org/glsa/201908-07
usn.ubuntu.com/4100-1/
www.debian.org/security/2019/dsa-4494
www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/