RSS   Vulnerabilities for 'Kdelibs'   RSS

2017-07-25
 
CVE-2015-7543

 

 
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.

 
2017-05-17
 
CVE-2017-8422

CWE-264
 

 
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

 
2017-03-02
 
CVE-2017-6410

CWE-254
 

 
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.

 
2014-08-19
 
CVE-2014-5033

CWE-362
 

 
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

 
2014-07-01
 
CVE-2014-3494

CWE-200
 

 
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

 
2014-02-05
 
CVE-2013-2074

CWE-200
 

 
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

 
2009-09-08
 
CVE-2009-2702

CWE-310
 

 
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

 
2005-01-10
 
CVE-2004-1165

 

 
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

 

 >>> Vendor: KDE 44 Products
K-mail
KDE
Kde beta 3
KVT
KTV
Kdeutils
Konqueror
Klisa
Kopete
Konqueror embedded
Koffice
KPDF
Kdelibs
Dcopserver
Desktop communication protocol daemon
Quanta
Kdegraphics
Kword
ARTS
Kdebase
Libkhtml
Ksirc
Kmplayer
Kde sc
KGET
Kcheckpass
Kde pim
Kde-workspace
ARK
Kauth
Kde-runtime
Kio-extras
Plasma-desktop
Kde applications
Plasma-workspace
Kde frameworks
Karchives
Kscreenlocker
Kmail
Kde-cli-tools
KIO
Messagelib
Trojita
Okular


Copyright 2019, cxsecurity.com

 

Back to Top