RSS   Podatności dla 'Plasma-workspace'   RSS

2018-02-06
 
CVE-2018-6791

CWE-78
 
 
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.

 
 
CVE-2018-6790

CWE-200
 
 
An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.

 
2016-12-23
 
CVE-2016-2312

CWE-254
 
 
Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

 
2015-01-26
 
CVE-2015-1308

CWE-200
 
 
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.

 
 
CVE-2015-1307

CWE-284
 
 
plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package.

 

 >>> Vendor: KDE 49 Produkty
K-mail
KDE
Kde beta 3
KVT
KTV
Kdeutils
Konqueror
Klisa
Kopete
Konqueror embedded
Kdebase
Kdelibs
Koffice
KPDF
Dcopserver
Desktop communication protocol daemon
Kmail
Quanta
Kdegraphics
Kword
ARTS
Libkhtml
Ksirc
Amarok
Kmplayer
Kde sc
KGET
Kcheckpass
Kde pim
Kde-workspace
ARK
Trojita
Kauth
Kde-runtime
Kio-extras
Plasma-desktop
Kde applications
Plasma-workspace
Kde frameworks
Karchives
Kscreenlocker
Kde-cli-tools
KIO
Messagelib
Okular
Ktexteditor
Partition manager
Kimageformats
KATE

Copyright 2024, cxsecurity.com

 

Back to Top