RSS   Vulnerabilities for 'Plasma-workspace'   RSS

2018-02-06
 
CVE-2018-6791

CWE-77
 

 
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.

 
 
CVE-2018-6790

CWE-200
 

 
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.

 
2016-12-23
 
CVE-2016-2312

CWE-254
 

 
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

 
2015-01-26
 
CVE-2015-1308

CWE-200
 

 
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.

 
 
CVE-2015-1307

CWE-284
 

 
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.

 

 >>> Vendor: KDE 44 Products
K-mail
KDE
Kde beta 3
KVT
KTV
Kdeutils
Konqueror
Klisa
Kopete
Konqueror embedded
Koffice
KPDF
Kdelibs
Dcopserver
Desktop communication protocol daemon
Quanta
Kdegraphics
Kword
ARTS
Kdebase
Libkhtml
Ksirc
Kmplayer
Kde sc
KGET
Kcheckpass
Kde pim
Kde-workspace
ARK
Kauth
Kde-runtime
Kio-extras
Plasma-desktop
Kde applications
Plasma-workspace
Kde frameworks
Karchives
Kscreenlocker
Kmail
Kde-cli-tools
KIO
Messagelib
Trojita
Okular


Copyright 2019, cxsecurity.com

 

Back to Top