Vulnerabilities for Plasma-workspace (...) - CXSECURITY.COM

Vulnerabilities for 'Plasma-workspace'

2018-02-06

CVE-2018-6791

CWE-78

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.

CVE-2018-6790

CWE-200

An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.

2016-12-23

CVE-2016-2312

CWE-254

Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

2015-01-26

CVE-2015-1308

CWE-200

kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.

CVE-2015-1307

CWE-284

plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.

>>> Vendor: KDE 49 Products

Konqueror embedded

Desktop communication protocol daemon

Kde applications

Plasma-workspace

Partition manager

Copyright 2024, cxsecurity.com