CVE-2020-26164 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.
Group Package Affected Fixed Severity Status Ticket
AVG-1241 kdeconnect 20.08.1-1 20.08.2-1 High Fixed
Date Advisory Group Package Severity Type
18 Oct 2020 ASA-202010-7 AVG-1241 kdeconnect High arbitrary code execution
References
https://www.openwall.com/lists/oss-security/2020/10/13/4
https://kde.org/info/security/advisory-20201002-1.txt
Notes
Workaround
==========

We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences.

Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute
force approach is to uninstall the kdeconnect package from your system and then run
    kquitapp5 kdeconnectd
Just install the package again once you're back in a trusted network.