Vulnerabilities related to kde - kde_sc
Vulnerability from fkie_nvd
Published
2010-03-03 19:30
Modified
2025-04-11 00:51
Severity ?
Summary
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0D84A35-4355-4BBB-BC67-A455EDC8A213", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes." }, { "lang": "es", "value": "Condici\u00f3n de carrera en workspace/krunner/lock/lockdlg.cc en el m\u00f3dulo de bloqueo KRunner en kdebase en KDE SC 4.4.0 permite a atacantes pr\u00f3ximos f\u00edsicamente evitar el bloqueo de pantalla KScreenSaver y acceder a un ordenador presionando la tecla Enter durante un cierto tiempo, en relaci\u00f3n con m\u00faltiples procesos bifurcados (forked)." } ], "id": "CVE-2010-0923", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-03-03T19:30:00.917", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.kde.org/show_bug.cgi?id=226449" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=126598163422670\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=126599909614401\u0026w=2" 
}, { "source": "cve@mitre.org", "url": "http://marc.info/?l=oss-security\u0026m=126600468622421\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38600" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1023641" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://websvn.kde.org/?revision=1089213\u0026view=revision" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://websvn.kde.org/?view=revision\u0026revision=1089241" }, { "source": "cve@mitre.org", "url": "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213\u0026r2=1089212\u0026pathrev=1089213" }, { "source": "cve@mitre.org", "url": "http://www.kde.org/info/security/advisory-20100217-1.txt" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2010/02/17/3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0409" }, { "source": "cve@mitre.org", "url": "https://bugs.kde.org/show_bug.cgi?id=217882" }, { "source": "cve@mitre.org", "url": "https://bugzilla.novell.com/show_bug.cgi?id=579280" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.kde.org/show_bug.cgi?id=226449" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126598163422670\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126599909614401\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=126600468622421\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/38600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch" ], "url": "http://websvn.kde.org/?revision=1089213\u0026view=revision" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://websvn.kde.org/?view=revision\u0026revision=1089241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213\u0026r2=1089212\u0026pathrev=1089213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kde.org/info/security/advisory-20100217-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/02/17/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0409" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.kde.org/show_bug.cgi?id=217882" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.novell.com/show_bug.cgi?id=579280" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-18 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
References
Impacted products
Vendor | Product | Version | Update |
---|---|---|---|
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | beta1 |
kde | kde_sc | 4.4.0 | beta2 |
kde | kde_sc | 4.4.0 | rc1 |
kde | kde_sc | 4.4.0 | rc2 |
kde | kde_sc | 4.4.0 | rc3 |
kde | kde_sc | 4.4.1 | |
kde | kde_sc | 4.4.2 | |
kde | kde_sc | 4.4.3 | |
kde | kde_sc | 4.4.4 | |
kde | kde_sc | 4.4.5 | |
kde | kde_sc | 4.5.0 | |
kde | kde_sc | 4.5.1 | |
kde | kde_sc | 4.5.2 | |
kde | kde_sc | 4.5.3 | |
kde | kde_sc | 4.5.4 | |
kde | kde_sc | 4.5.5 | |
kde | kde_sc | 4.6 | beta1 |
kde | kde_sc | 4.6 | beta2 |
kde | kde_sc | 4.6 | rc1 |
kde | kde_sc | 4.6 | rc2 |
kde | kde_sc | 4.6.0 | |
kde | kde_sc | 4.6.1 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0D84A35-4355-4BBB-BC67-A455EDC8A213", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "DDC30651-790E-48C9-B979-5948B72B92CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "3C0B5127-B5F9-490D-90E6-79963555472B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CE030856-57FE-4FA0-BE88-5D038C24E927", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB2B3EC5-713F-4996-8532-DBCEE7D32481", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "CACB3D53-D2B4-4105-816A-3B286C57B229", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "376563D6-9847-4596-8E7F-A1B4E4437DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF01B401-CDAF-4853-B582-EC13A352A4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59FFB800-D27D-4B7F-A895-C757B18B3201", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2BE342C5-6E49-4755-BC09-FAA51523199C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7F5F040-4B36-45FA-B730-98E4F0BB59BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F4D61AB-0779-4D26-8024-8A3826D92D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3AF44C7-111A-47C1-AF0C-F02BBA9A8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8EFA68C-DDF6-4261-B179-8AADC40ED9CD", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "A69631D8-3ED7-414B-AF55-AD94361E1948", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D18DFB35-684E-493F-8ED8-F3C9A0A0BD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "552DC1C8-906D-4687-BD5E-4E5E6157920A", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "13656B17-85C2-4EEE-AB94-FCAB8388098F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "A5E7A2FA-0221-46EC-A4DA-B11223DF46D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "8FC0F7F7-0880-4CFD-8B9B-C17C35C78B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "47E83142-5F28-47EB-AAD8-84922853D560", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD81D2-BCAD-4230-BD02-C38F7EE8AF17", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2F3E300-B7D7-4A3F-8DEF-4BBD9E98DBE5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site." 
}, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n KHTMLPart::htmlError en khtml/khtml_part.cpp en Konqueror en KDE SC v4.4.0 hasta v4.6.1, permite a usuarios remotos inyectar script o HTML de su elecci\u00f3n a trav\u00e9s de URI en una URL correspondiente a una sitio web no disponible." } ], "id": "CVE-2011-1168", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-18T18:55:00.970", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44065" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44108" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8208" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1025322" }, { "source": "secalert@redhat.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.329727" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20110411-1.txt" }, { "source": "secalert@redhat.com", "url": 
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:075" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/517432/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/517433/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47304" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1110-1" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0927" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0928" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0990" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695398" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66697" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44065" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44108" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1025322" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.329727" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20110411-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517432/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517433/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1110-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0927" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0990" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695398" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66697" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-08-30 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "32EB3F1E-9745-4D31-AC8B-B85418A9215E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "096EA629-5CA5-42B6-B6BF-9B401623D411", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B411BAA5-A57C-43D7-B99D-BBF90AAA0867", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "939121D6-2E82-4E9C-8D2E-753A48A2DBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B67C346-02AA-4719-BFD1-D6D5357B2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FD07C23-B63D-43A1-9930-B04938CE2A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0D84A35-4355-4BBB-BC67-A455EDC8A213", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "376563D6-9847-4596-8E7F-A1B4E4437DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF01B401-CDAF-4853-B582-EC13A352A4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59FFB800-D27D-4B7F-A895-C757B18B3201", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2BE342C5-6E49-4755-BC09-FAA51523199C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7F5F040-4B36-45FA-B730-98E4F0BB59BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F4D61AB-0779-4D26-8024-8A3826D92D0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the RLE 
decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file." }, { "lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funcionalidad de descompresi\u00f3n RLE de la funci\u00f3n TranscribePalmImageToJPEG en generators/plucker/inplug/image.cpp de Okular en KDE SC v4.3.0 hasta la versi\u00f3n v4.5.0. Permite a usuarios remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una imagen modificada en un fichero PDB." } ], "id": "CVE-2010-2575", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-08-30T21:00:02.093", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40952" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/41086" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/41132" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-109/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.340142" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100825-1.txt" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:162" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.osvdb.org/67454" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/513341/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.ubuntu.com/usn/USN-979-1" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2178" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2179" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2010/2202" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2010/2206" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2010/2219" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2010/2230" }, { "source": 
"PSIRT-CNA@flexerasoftware.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627289" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61371" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/41086" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/41132" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-109/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.340142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100825-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/67454" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/513341/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.ubuntu.com/usn/USN-979-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2178" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/2179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2206" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/2230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627289" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61371" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-15 17:30
Modified
2025-04-11 00:51
Severity ?
Summary
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "501B4E7A-CA9A-42CD-B6A7-77EFD66A52A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:3.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "D5052839-1F42-4816-95C9-FB33DAA29701", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D70FA8B9-9F99-4524-961C-2EE8C0AA864F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "692D0AC5-E946-4D6D-999E-44C66FAEB5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "32EB3F1E-9745-4D31-AC8B-B85418A9215E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "096EA629-5CA5-42B6-B6BF-9B401623D411", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B67C346-02AA-4719-BFD1-D6D5357B2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FD07C23-B63D-43A1-9930-B04938CE2A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0D84A35-4355-4BBB-BC67-A455EDC8A213", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "376563D6-9847-4596-8E7F-A1B4E4437DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF01B401-CDAF-4853-B582-EC13A352A4B2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm." 
}, { "lang": "es", "value": "Condici\u00f3n de carrera en backend/ctrl.c en KDM en KDE Software Compilation (SC) v2.2.0 hasta v4.4.2 permite a usuarios locales cambiar de ficheros a su elecci\u00f3n, y consecuentemente obtener privelegios, bloqueando el borrado de varios directorios que contienen sockets de control, relacionado con la interacci\u00f3n inadecuada con ksm. \r\n" } ], "id": "CVE-2010-0436", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-15T17:30:00.477", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2010-0348.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39419" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39481" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/39506" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2010/dsa-2037" }, { "source": "secalert@redhat.com", 
"tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100413-1.txt" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/39467" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0879" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570613" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57823" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2010-0348.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39419" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39481" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/39506" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2010/dsa-2037" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100413-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/39467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", 
"Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/0879" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57823" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-09-16 19:14
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or (4) an invalid password to KCheckPass.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde-workspace:*:*:*:*:*:*:*:*", "matchCriteriaId": "0569889F-8059-4319-A20A-FD7A3809EE1E", "versionEndIncluding": "4.10.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "D88BC24E-31F5-435C-9F07-AAAAF755AA19", "versionEndIncluding": "4.10.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*", "matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass." }, { "lang": "es", "value": "KDE-Workspace 4.10.5 y anteriores no gestiona de forma adecuada el valor de retorno de glibc 2.17 crypt y funciones pw_encrypt, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio \n(referencia a puntero nulo y cuelgue) a trav\u00e9s de (1) un \"salt\" invalido o una contrase\u00f1a cifrada, cuando FIPS-140 est\u00e1 habilitado, para KDM o una (4) contrase\u00f1a no v\u00e1lida para KCheckPass." 
} ], "id": "CVE-2013-4132", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-09-16T19:14:38.520", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/117" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/oss-sec/2013/q3/120" }, { "source": "secalert@redhat.com", "url": "https://git.reviewboard.kde.org/r/111261/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/oss-sec/2013/q3/120" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.reviewboard.kde.org/r/111261/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-17 21:00
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 5.8, AV:N/AC:M/Au:N/C:N/I:P/A:P)
Summary
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.1 | |
kde | kde_sc | 4.0.2 | |
kde | kde_sc | 4.0.3 | |
kde | kde_sc | 4.0.4 | |
kde | kde_sc | 4.0.5 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.1 | |
kde | kde_sc | 4.1.2 | |
kde | kde_sc | 4.1.3 | |
kde | kde_sc | 4.1.4 | |
kde | kde_sc | 4.1.80 | |
kde | kde_sc | 4.1.85 | |
kde | kde_sc | 4.1.96 | |
kde | kde_sc | 4.2 | |
kde | kde_sc | 4.2 | |
kde | kde_sc | 4.2.0 | |
kde | kde_sc | 4.2.1 | |
kde | kde_sc | 4.2.2 | |
kde | kde_sc | 4.2.3 | |
kde | kde_sc | 4.2.4 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.1 | |
kde | kde_sc | 4.3.2 | |
kde | kde_sc | 4.3.3 | |
kde | kde_sc | 4.3.4 | |
kde | kde_sc | 4.3.5 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.1 | |
kde | kde_sc | 4.4.2 | |
kde | kde_sc | 4.4.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBA5ADAB-9FBC-4785-A47E-B40D73A56853", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "678A4353-ED2E-44CC-8A20-C215D0F82DAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "17C8F0A4-1679-410E-B445-9AF26705318C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A639B21F-5CD6-4F64-855B-A832EBE877E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "08475868-59F9-4D17-8322-7827A08EBCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "B99AD5C2-707D-40A7-A36D-C132952FFAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "A0B385A1-6728-4FBF-92E6-57F31DC47FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2946F3D1-4AA4-4B45-B3CE-0E4FD9241735", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3C285D1B-7BF8-4975-BBA4-1D6862B29EC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F93D6A0C-E87C-413F-A27D-039765CBCEC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C29EA2DC-C308-45AE-96EB-5979BFDC9DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6FBA168-EBB4-487E-8FB4-2B3EE17A4FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AFDB85F6-C71C-4EE9-8C75-9BAFB7C8C243", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"7B14A2BB-CE7E-4D24-8EB1-B25432BC95AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DB880E4-9E8D-4A55-8829-2E6C08502F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C88B3F03-59CD-435B-A58B-C6C09A6063A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "49E37E6A-2773-49D9-8503-1D6B2A42F2FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DC47CA15-8868-4CC5-8C12-68429BF88A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:rc:*:*:*:*:*:*", "matchCriteriaId": "7A9EE07F-DA83-4DEC-BE81-3C597BED273C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F33CFD9E-D0D9-4A9B-8A48-AAEF96F43C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D70FA8B9-9F99-4524-961C-2EE8C0AA864F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF32A58-4E0B-41AF-9129-352A0322E922", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1888CC58-3F5C-407B-BF2E-E7899C1B7828", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.80:*:*:*:*:*:*:*", "matchCriteriaId": "105CAB1E-D97D-4217-8801-C098C69006B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.85:*:*:*:*:*:*:*", "matchCriteriaId": "F17A6896-7425-4582-92E2-B357181A2C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.96:*:*:*:*:*:*:*", "matchCriteriaId": "E28F1A08-C678-493D-A9CB-84AC70A69423", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "BBAA496B-834F-4322-8081-08A4B042A9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2:rc:*:*:*:*:*:*", "matchCriteriaId": 
"84E66D2A-F6DF-41E3-BFBC-C3E5A54616E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8807A9BE-2ECE-4A14-BCD7-59036C46C826", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C1FFCDE-F569-47D3-9E0D-94096EE0E16D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "692D0AC5-E946-4D6D-999E-44C66FAEB5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DB038BD-B89D-4C9F-8AEB-B65F62ECAC8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9594B2F9-6B74-4CA8-A43B-EAE4B19293C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "32EB3F1E-9745-4D31-AC8B-B85418A9215E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "BECE4B3A-E481-4CE0-B5CE-9842DB47C8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "0740C404-69A7-45AD-AD99-4B8AD09FD09B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3242128C-7653-4E6C-A72D-62D033632154", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8EFDC84F-F851-4D28-AE64-9ED99389023C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "80B35884-311B-4FAF-AC8D-5F886A86CAFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "096EA629-5CA5-42B6-B6BF-9B401623D411", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B411BAA5-A57C-43D7-B99D-BBF90AAA0867", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "939121D6-2E82-4E9C-8D2E-753A48A2DBAC", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B67C346-02AA-4719-BFD1-D6D5357B2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FD07C23-B63D-43A1-9930-B04938CE2A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0D84A35-4355-4BBB-BC67-A455EDC8A213", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "DDC30651-790E-48C9-B979-5948B72B92CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "3C0B5127-B5F9-490D-90E6-79963555472B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CE030856-57FE-4FA0-BE88-5D038C24E927", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB2B3EC5-713F-4996-8532-DBCEE7D32481", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "CACB3D53-D2B4-4105-816A-3B286C57B229", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "376563D6-9847-4596-8E7F-A1B4E4437DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF01B401-CDAF-4853-B582-EC13A352A4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59FFB800-D27D-4B7F-A895-C757B18B3201", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file." 
}, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3, permite a atacantes remotos crear ficheros de su elecci\u00f3n al utilizar caracteres .. (punto punto) en el atributo nombre de un elemento fichero en un fichero metalink." } ], "evaluatorSolution": "Per: http://www.kde.org/info/security/advisory-20100513-1.txt\r\n\r\n\u0027Patches have been committed to the KDE Subversion repository in the\r\n following revision numbers:\r\n\r\n 4.3 branch: r1126227\r\n 4.4 branch: r1124974\r\n Trunk: r1124976\u0027\r\n", "id": "CVE-2010-1000", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-05-17T21:00:01.297", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/64690" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/39528" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39787" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42423" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-69/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securitytracker.com/id?1023984" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:098" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/511281/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/40141" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.vupen.com/english/advisories/2011/1101" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/64690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/42423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/secunia_research/2010-69/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:098" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511281/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.vupen.com/english/advisories/2010/1142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58628" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-04 23:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BCD40E7-772E-43D4-8078-FFAFEB8333EA", "versionEndIncluding": "2.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "95C030CD-A25E-4613-B669-BBAD5B8BCF8D", "versionEndIncluding": "4.7.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F1C09CE-7311-481E-8F8C-69563F05324F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CC222E8-A9F1-4397-BB06-165133DF8F95", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "F8D50324-50BA-4E94-994E-8DEAAB4928FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "E880AA7A-5081-4FD0-890C-21BCEB1208D6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*", "matchCriteriaId": "7118F616-25CA-4E34-AA13-4D14BB62419F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*", "matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files 
via .. (dot dot) sequences in a zip file." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en Ark 4.7.x y anteriores permite a atacantes remotos eliminar y forzar la visualizaci\u00f3n de archivos arbitrarios a trav\u00e9s de secuencias .. (punto punto) en un archivo zip." } ], "id": "CVE-2011-2725", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-02-04T23:55:03.533", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html" }, { "source": "secalert@redhat.com", "url": "http://seclists.org/fulldisclosure/2011/Oct/351" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1276-1" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.novell.com/show_bug.cgi?id=708268" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725764" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2011/Oct/351" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1276-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.novell.com/show_bug.cgi?id=708268" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725764" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-11-29 17:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD81D2-BCAD-4230-BD02-C38F7EE8AF17", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2F3E300-B7D7-4A3F-8DEF-4BBD9E98DBE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "2672B305-4AC2-436E-900F-1FEC16FCF633", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "A47E7C34-880F-4C49-81D4-92414212CEF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "DC1C9C92-0913-444E-9043-8DDEF7714A4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "EDFDA428-2489-44A1-81D2-149177134E18", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F1C09CE-7311-481E-8F8C-69563F05324F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7CC222E8-A9F1-4397-BB06-165133DF8F95", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text." }, { "lang": "es", "value": "La API KDE SSL Wrapper (KSSL) en KDE SC v4.6.0 hasta 4.7.1 y posiblemente versiones anteriores, no utiilizan una fuente concreta cuando renderizan los campos de certificado en un di\u00e1logo de seguridad, lo que permite a atacantes remotos falsificar el nombre com\u00fan (CN) de un certificado a trav\u00e9s de un texto enriquecido." 
} ], "id": "CVE-2011-3365", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-11-29T17:55:01.247", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20111003-1.txt" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1364.html" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1385.html" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743054" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20111003-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1364.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1385.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743054" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-05-17 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kde | kget | 2.4.2 | |
kde | kde_sc | 2.2.0 | |
kde | kde_sc | 3.5.10 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.0 | |
kde | kde_sc | 4.0.1 | |
kde | kde_sc | 4.0.2 | |
kde | kde_sc | 4.0.3 | |
kde | kde_sc | 4.0.4 | |
kde | kde_sc | 4.0.5 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.0 | |
kde | kde_sc | 4.1.1 | |
kde | kde_sc | 4.1.2 | |
kde | kde_sc | 4.1.3 | |
kde | kde_sc | 4.1.4 | |
kde | kde_sc | 4.1.80 | |
kde | kde_sc | 4.1.85 | |
kde | kde_sc | 4.1.96 | |
kde | kde_sc | 4.2 | |
kde | kde_sc | 4.2 | |
kde | kde_sc | 4.2.0 | |
kde | kde_sc | 4.2.1 | |
kde | kde_sc | 4.2.2 | |
kde | kde_sc | 4.2.3 | |
kde | kde_sc | 4.2.4 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.0 | |
kde | kde_sc | 4.3.1 | |
kde | kde_sc | 4.3.2 | |
kde | kde_sc | 4.3.3 | |
kde | kde_sc | 4.3.4 | |
kde | kde_sc | 4.3.5 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.0 | |
kde | kde_sc | 4.4.1 | |
kde | kde_sc | 4.4.2 | |
kde | kde_sc | 4.4.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kget:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6199E818-1535-4EC2-94BA-40D4FCE9D545", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "501B4E7A-CA9A-42CD-B6A7-77EFD66A52A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:3.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "D5052839-1F42-4816-95C9-FB33DAA29701", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBA5ADAB-9FBC-4785-A47E-B40D73A56853", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "678A4353-ED2E-44CC-8A20-C215D0F82DAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "17C8F0A4-1679-410E-B445-9AF26705318C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A639B21F-5CD6-4F64-855B-A832EBE877E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "08475868-59F9-4D17-8322-7827A08EBCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "B99AD5C2-707D-40A7-A36D-C132952FFAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "A0B385A1-6728-4FBF-92E6-57F31DC47FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2946F3D1-4AA4-4B45-B3CE-0E4FD9241735", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3C285D1B-7BF8-4975-BBA4-1D6862B29EC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F93D6A0C-E87C-413F-A27D-039765CBCEC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "C29EA2DC-C308-45AE-96EB-5979BFDC9DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6FBA168-EBB4-487E-8FB4-2B3EE17A4FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AFDB85F6-C71C-4EE9-8C75-9BAFB7C8C243", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7B14A2BB-CE7E-4D24-8EB1-B25432BC95AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DB880E4-9E8D-4A55-8829-2E6C08502F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C88B3F03-59CD-435B-A58B-C6C09A6063A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "49E37E6A-2773-49D9-8503-1D6B2A42F2FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DC47CA15-8868-4CC5-8C12-68429BF88A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:rc:*:*:*:*:*:*", "matchCriteriaId": "7A9EE07F-DA83-4DEC-BE81-3C597BED273C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F33CFD9E-D0D9-4A9B-8A48-AAEF96F43C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D70FA8B9-9F99-4524-961C-2EE8C0AA864F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF32A58-4E0B-41AF-9129-352A0322E922", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1888CC58-3F5C-407B-BF2E-E7899C1B7828", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.80:*:*:*:*:*:*:*", "matchCriteriaId": "105CAB1E-D97D-4217-8801-C098C69006B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.85:*:*:*:*:*:*:*", "matchCriteriaId": 
"F17A6896-7425-4582-92E2-B357181A2C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.96:*:*:*:*:*:*:*", "matchCriteriaId": "E28F1A08-C678-493D-A9CB-84AC70A69423", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "BBAA496B-834F-4322-8081-08A4B042A9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2:rc:*:*:*:*:*:*", "matchCriteriaId": "84E66D2A-F6DF-41E3-BFBC-C3E5A54616E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8807A9BE-2ECE-4A14-BCD7-59036C46C826", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C1FFCDE-F569-47D3-9E0D-94096EE0E16D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "692D0AC5-E946-4D6D-999E-44C66FAEB5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DB038BD-B89D-4C9F-8AEB-B65F62ECAC8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9594B2F9-6B74-4CA8-A43B-EAE4B19293C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "32EB3F1E-9745-4D31-AC8B-B85418A9215E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "BECE4B3A-E481-4CE0-B5CE-9842DB47C8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "0740C404-69A7-45AD-AD99-4B8AD09FD09B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3242128C-7653-4E6C-A72D-62D033632154", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8EFDC84F-F851-4D28-AE64-9ED99389023C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"80B35884-311B-4FAF-AC8D-5F886A86CAFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "096EA629-5CA5-42B6-B6BF-9B401623D411", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B411BAA5-A57C-43D7-B99D-BBF90AAA0867", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "939121D6-2E82-4E9C-8D2E-753A48A2DBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B67C346-02AA-4719-BFD1-D6D5357B2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FD07C23-B63D-43A1-9930-B04938CE2A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0D84A35-4355-4BBB-BC67-A455EDC8A213", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "DDC30651-790E-48C9-B979-5948B72B92CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "3C0B5127-B5F9-490D-90E6-79963555472B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CE030856-57FE-4FA0-BE88-5D038C24E927", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB2B3EC5-713F-4996-8532-DBCEE7D32481", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "CACB3D53-D2B4-4105-816A-3B286C57B229", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "376563D6-9847-4596-8E7F-A1B4E4437DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF01B401-CDAF-4853-B582-EC13A352A4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59FFB800-D27D-4B7F-A895-C757B18B3201", 
"vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file." }, { "lang": "es", "value": "KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3 no solicita de forma adecuada la confirmaci\u00f3n de descarga por parte del usuario, lo que facilita a atacantes remotos sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s un fichero metalik manipulado." } ], "id": "CVE-2010-1511", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-05-17T21:00:01.327", "references": [ { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/64689" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39528" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39787" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor 
Advisory" ], "url": "http://secunia.com/secunia_research/2010-70/" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://securitytracker.com/id?1023984" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/40141" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "source": "PSIRT-CNA@flexerasoftware.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/64689" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39787" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/secunia_research/2010-70/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/40141" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629" } ], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-27 00:55
Modified
2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 5.8, vector AV:N/AC:M/Au:N/C:N/I:P/A:P)
Summary
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kde_sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "3232475A-5D2E-403B-8D08-29BE74FB492E", "versionEndIncluding": "4.6.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "501B4E7A-CA9A-42CD-B6A7-77EFD66A52A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:3.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "D5052839-1F42-4816-95C9-FB33DAA29701", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBA5ADAB-9FBC-4785-A47E-B40D73A56853", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "678A4353-ED2E-44CC-8A20-C215D0F82DAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "17C8F0A4-1679-410E-B445-9AF26705318C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A639B21F-5CD6-4F64-855B-A832EBE877E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "08475868-59F9-4D17-8322-7827A08EBCCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "B99AD5C2-707D-40A7-A36D-C132952FFAF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "A0B385A1-6728-4FBF-92E6-57F31DC47FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2946F3D1-4AA4-4B45-B3CE-0E4FD9241735", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "3C285D1B-7BF8-4975-BBA4-1D6862B29EC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F93D6A0C-E87C-413F-A27D-039765CBCEC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": 
"C29EA2DC-C308-45AE-96EB-5979BFDC9DBB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "B6FBA168-EBB4-487E-8FB4-2B3EE17A4FAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "AFDB85F6-C71C-4EE9-8C75-9BAFB7C8C243", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "7B14A2BB-CE7E-4D24-8EB1-B25432BC95AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DB880E4-9E8D-4A55-8829-2E6C08502F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "C88B3F03-59CD-435B-A58B-C6C09A6063A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "49E37E6A-2773-49D9-8503-1D6B2A42F2FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "DC47CA15-8868-4CC5-8C12-68429BF88A0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.0:rc:*:*:*:*:*:*", "matchCriteriaId": "7A9EE07F-DA83-4DEC-BE81-3C597BED273C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F33CFD9E-D0D9-4A9B-8A48-AAEF96F43C9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D70FA8B9-9F99-4524-961C-2EE8C0AA864F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF32A58-4E0B-41AF-9129-352A0322E922", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "1888CC58-3F5C-407B-BF2E-E7899C1B7828", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.80:*:*:*:*:*:*:*", "matchCriteriaId": "105CAB1E-D97D-4217-8801-C098C69006B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.85:*:*:*:*:*:*:*", "matchCriteriaId": 
"F17A6896-7425-4582-92E2-B357181A2C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.1.96:*:*:*:*:*:*:*", "matchCriteriaId": "E28F1A08-C678-493D-A9CB-84AC70A69423", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2:beta2:*:*:*:*:*:*", "matchCriteriaId": "BBAA496B-834F-4322-8081-08A4B042A9F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2:rc:*:*:*:*:*:*", "matchCriteriaId": "84E66D2A-F6DF-41E3-BFBC-C3E5A54616E8", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8807A9BE-2ECE-4A14-BCD7-59036C46C826", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8C1FFCDE-F569-47D3-9E0D-94096EE0E16D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "692D0AC5-E946-4D6D-999E-44C66FAEB5CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DB038BD-B89D-4C9F-8AEB-B65F62ECAC8B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "9594B2F9-6B74-4CA8-A43B-EAE4B19293C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "32EB3F1E-9745-4D31-AC8B-B85418A9215E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "BECE4B3A-E481-4CE0-B5CE-9842DB47C8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "0740C404-69A7-45AD-AD99-4B8AD09FD09B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3242128C-7653-4E6C-A72D-62D033632154", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "8EFDC84F-F851-4D28-AE64-9ED99389023C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.0:rc3:*:*:*:*:*:*", "matchCriteriaId": 
"80B35884-311B-4FAF-AC8D-5F886A86CAFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "096EA629-5CA5-42B6-B6BF-9B401623D411", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B411BAA5-A57C-43D7-B99D-BBF90AAA0867", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "939121D6-2E82-4E9C-8D2E-753A48A2DBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "6B67C346-02AA-4719-BFD1-D6D5357B2C74", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FD07C23-B63D-43A1-9930-B04938CE2A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A0D84A35-4355-4BBB-BC67-A455EDC8A213", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "DDC30651-790E-48C9-B979-5948B72B92CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "3C0B5127-B5F9-490D-90E6-79963555472B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CE030856-57FE-4FA0-BE88-5D038C24E927", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "FB2B3EC5-713F-4996-8532-DBCEE7D32481", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "CACB3D53-D2B4-4105-816A-3B286C57B229", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "376563D6-9847-4596-8E7F-A1B4E4437DA9", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "CF01B401-CDAF-4853-B582-EC13A352A4B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "59FFB800-D27D-4B7F-A895-C757B18B3201", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2BE342C5-6E49-4755-BC09-FAA51523199C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F7F5F040-4B36-45FA-B730-98E4F0BB59BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8F4D61AB-0779-4D26-8024-8A3826D92D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3AF44C7-111A-47C1-AF0C-F02BBA9A8534", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "D8EFA68C-DDF6-4261-B179-8AADC40ED9CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "A69631D8-3ED7-414B-AF55-AD94361E1948", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "D18DFB35-684E-493F-8ED8-F3C9A0A0BD29", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "552DC1C8-906D-4687-BD5E-4E5E6157920A", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:beta1:*:*:*:*:*:*", "matchCriteriaId": "13656B17-85C2-4EEE-AB94-FCAB8388098F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:beta2:*:*:*:*:*:*", "matchCriteriaId": "A5E7A2FA-0221-46EC-A4DA-B11223DF46D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "8FC0F7F7-0880-4CFD-8B9B-C17C35C78B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "47E83142-5F28-47EB-AAD8-84922853D560", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E1DD81D2-BCAD-4230-BD02-C38F7EE8AF17", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kde_sc:4.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "F2F3E300-B7D7-4A3F-8DEF-4BBD9E98DBE5", "vulnerable": true } ], "negate": false, 
"operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la funci\u00f3n KGetMetalink::File::isValidNameAttr en ui/metalinkcreator/metalinker.cpp en KGet en KDE SC v4.6.2 y anteriores, permite a atacantes remotos crear ficheros de su elecci\u00f3n a trav\u00e9s de un .. (punto punto) en el atributo de nombre de un elemento de archivo en un archivo de Metalink. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2010-1000." } ], "id": "CVE-2011-1586", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-27T00:55:04.727", "references": [ { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/04/15/9" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44124" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44329" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468\u0026r2=1227467\u0026pathrev=1227468" }, { "source": "secalert@redhat.com", "url": "http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469\u0026r2=1227468\u0026pathrev=1227469" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471\u0026r2=1227470\u0026pathrev=1227471" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:081" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-0465.html" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/usn-1114-1/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1019" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1021" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2011/1135" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697042" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66826" }, { "source": "secalert@redhat.com", "url": "https://launchpad.net/bugs/757526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/04/15/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/44124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468\u0026r2=1227467\u0026pathrev=1227468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469\u0026r2=1227468\u0026pathrev=1227469" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471\u0026r2=1227470\u0026pathrev=1227471" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:081" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-0465.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-1114-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1019" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/1021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/1135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697042" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66826" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpad.net/bugs/757526" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2010-2575 (GCVE-0-2010-2575)
Vulnerability from cvelistv5
Published
2010-08-30 20:00
Modified
2024-08-07 02:39
Severity ?
CWE
- n/a
Summary
Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:37.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-979-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-979-1" }, { "name": "ADV-2010-2178", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2178" }, { "name": "ADV-2010-2202", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2202" }, { "name": "ADV-2010-2219", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2219" }, { "name": "41132", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41132" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20100825-1.txt" }, { "name": "20100825 Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/513341/100/0/threaded" }, { "name": "FEDORA-2010-13661", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html" }, { "name": "SSA:2010-240-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.340142" }, { "name": "FEDORA-2010-13629", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html" }, { "name": "okularpdb-imagecpp-bo(61371)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], 
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61371" }, { "name": "ADV-2010-2206", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2206" }, { "name": "MDVSA-2010:162", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:162" }, { "name": "67454", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/67454" }, { "name": "ADV-2010-2230", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2230" }, { "name": "41086", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41086" }, { "name": "ADV-2010-2179", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/2179" }, { "name": "40952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40952" }, { "name": "SUSE-SR:2010:018", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2010-109/" }, { "name": "FEDORA-2010-13589", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627289" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-25T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the RLE 
decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "USN-979-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-979-1" }, { "name": "ADV-2010-2178", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2178" }, { "name": "ADV-2010-2202", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2202" }, { "name": "ADV-2010-2219", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2219" }, { "name": "41132", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41132" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20100825-1.txt" }, { "name": "20100825 Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/513341/100/0/threaded" }, { "name": "FEDORA-2010-13661", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html" }, { "name": "SSA:2010-240-03", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.340142" }, { "name": "FEDORA-2010-13629", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], 
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html" }, { "name": "okularpdb-imagecpp-bo(61371)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61371" }, { "name": "ADV-2010-2206", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2206" }, { "name": "MDVSA-2010:162", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:162" }, { "name": "67454", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/67454" }, { "name": "ADV-2010-2230", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2230" }, { "name": "41086", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41086" }, { "name": "ADV-2010-2179", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/2179" }, { "name": "40952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40952" }, { "name": "SUSE-SR:2010:018", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2010-109/" }, { "name": "FEDORA-2010-13589", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627289" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-2575", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] 
} } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-979-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-979-1" }, { "name": "ADV-2010-2178", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2178" }, { "name": "ADV-2010-2202", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2202" }, { "name": "ADV-2010-2219", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2219" }, { "name": "41132", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41132" }, { "name": "http://www.kde.org/info/security/advisory-20100825-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20100825-1.txt" }, { "name": "20100825 Secunia Research: KDE Okular PDB Parsing RLE Decompression Buffer Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513341/100/0/threaded" }, { "name": "FEDORA-2010-13661", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html" }, { "name": "SSA:2010-240-03", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2010\u0026m=slackware-security.340142" }, { "name": "FEDORA-2010-13629", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html" }, { 
"name": "okularpdb-imagecpp-bo(61371)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61371" }, { "name": "ADV-2010-2206", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2206" }, { "name": "MDVSA-2010:162", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:162" }, { "name": "67454", "refsource": "OSVDB", "url": "http://www.osvdb.org/67454" }, { "name": "ADV-2010-2230", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2230" }, { "name": "41086", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41086" }, { "name": "ADV-2010-2179", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2179" }, { "name": "40952", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40952" }, { "name": "SUSE-SR:2010:018", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html" }, { "name": "http://secunia.com/secunia_research/2010-109/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-109/" }, { "name": "FEDORA-2010-13589", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=627289", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627289" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-2575", "datePublished": "2010-08-30T20:00:00", "dateReserved": "2010-07-01T00:00:00", "dateUpdated": "2024-08-07T02:39:37.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-4132 (GCVE-0-2013-4132)
Vulnerability from cvelistv5
Published
2013-09-16 19:00
Modified
2024-08-06 16:30
CWE
- n/a
Summary
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or an (4) invalid password to KCheckPass.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T16:30:50.058Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2013:1291", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html" }, { "name": "[oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/117" }, { "name": "openSUSE-SU-2013:1253", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html" }, { "name": "[oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2013/q3/120" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.reviewboard.kde.org/r/111261/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-09-16T19:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2013:1291", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html" }, { "name": "[oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/117" }, { "name": "openSUSE-SU-2013:1253", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html" }, { "name": "[oss-security] 20130716 Re: CVE Request -- kde-workspace 4.10.5 fixing two security flaws", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2013/q3/120" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.reviewboard.kde.org/r/111261/" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4132", "datePublished": "2013-09-16T19:00:00Z", "dateReserved": "2013-06-12T00:00:00Z", "dateUpdated": "2024-08-06T16:30:50.058Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3365 (GCVE-0-2011-3365)
Vulnerability from cvelistv5
Published
2011-11-29 17:00
Modified
2024-08-06 23:29
CWE
- n/a
Summary
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:29:56.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743054" }, { "name": "RHSA-2011:1385", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1385.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20111003-1.txt" }, { "name": "MDVSA-2011:162", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "name": "RHSA-2011:1364", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1364.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-01-19T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743054" }, { "name": "RHSA-2011:1385", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1385.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20111003-1.txt" }, { "name": "MDVSA-2011:162", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "name": "RHSA-2011:1364", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1364.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3365", "datePublished": "2011-11-29T17:00:00", "dateReserved": "2011-08-30T00:00:00", "dateUpdated": "2024-08-06T23:29:56.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0436 (GCVE-0-2010-0436)
Vulnerability from cvelistv5
Published
2010-04-15 17:00
Modified
2024-08-07 00:52
CWE
- n/a
Summary
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:52:17.347Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2037", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2010/dsa-2037" }, { "name": "kde-kdm-privilege-escalation(57823)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57823" }, { "name": "39481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39481" }, { "name": "RHSA-2010:0348", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2010-0348.html" }, { "name": "FEDORA-2010-6605", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=570613" }, { "name": "39419", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39419" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff" }, { "name": "SUSE-SR:2010:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20100413-1.txt" }, { "name": "39506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39506" }, { "name": "ADV-2010-0879", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2010/0879" }, { "name": "39467", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/39467" }, { "name": "oval:org.mitre.oval:def:9999", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "DSA-2037", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2010/dsa-2037" }, { "name": "kde-kdm-privilege-escalation(57823)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57823" }, { "name": "39481", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39481" }, { "name": "RHSA-2010:0348", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2010-0348.html" }, { "name": "FEDORA-2010-6605", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html" }, { "tags": [ "x_refsource_CONFIRM" ], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570613" }, { "name": "39419", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39419" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff" }, { "name": "SUSE-SR:2010:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20100413-1.txt" }, { "name": "39506", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39506" }, { "name": "ADV-2010-0879", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0879" }, { "name": "39467", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/39467" }, { "name": "oval:org.mitre.oval:def:9999", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9999" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-0436", "datePublished": "2010-04-15T17:00:00", "dateReserved": "2010-01-27T00:00:00", "dateUpdated": "2024-08-07T00:52:17.347Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1586 (GCVE-0-2011-1586)
Vulnerability from cvelistv5
Published
2011-04-27 00:00
Modified
2024-08-06 22:28
CWE
- n/a
Summary
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:42.059Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://launchpad.net/bugs/757526" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468\u0026r2=1227467\u0026pathrev=1227468" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471\u0026r2=1227470\u0026pathrev=1227471" }, { "name": "44124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44124" }, { "name": "[oss-security] 20110415 Re: CVE Request: incomplete fix for CVE-2010-1000 in KDE network", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/15/9" }, { "name": "ADV-2011-1135", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1135" }, { "name": "RHSA-2011:0465", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0465.html" }, { "name": "ADV-2011-1019", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1019" }, { "name": "44329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44329" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469\u0026r2=1227468\u0026pathrev=1227469" }, { "name": "ADV-2011-1021", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": 
"http://www.vupen.com/english/advisories/2011/1021" }, { "name": "MDVSA-2011:081", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:081" }, { "name": "USN-1114-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-1114-1/" }, { "name": "kget-name-directory-traversal(66826)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66826" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697042" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://launchpad.net/bugs/757526" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468\u0026r2=1227467\u0026pathrev=1227468" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471\u0026r2=1227470\u0026pathrev=1227471" }, { "name": "44124", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44124" }, { "name": "[oss-security] 20110415 Re: CVE Request: incomplete fix for CVE-2010-1000 in KDE network", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/15/9" }, { "name": "ADV-2011-1135", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1135" }, { "name": "RHSA-2011:0465", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0465.html" }, { "name": "ADV-2011-1019", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1019" }, { "name": "44329", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44329" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469\u0026r2=1227468\u0026pathrev=1227469" }, { "name": "ADV-2011-1021", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1021" }, { "name": "MDVSA-2011:081", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" 
], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:081" }, { "name": "USN-1114-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-1114-1/" }, { "name": "kget-name-directory-traversal(66826)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66826" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697042" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1586", "datePublished": "2011-04-27T00:00:00", "dateReserved": "2011-04-05T00:00:00", "dateUpdated": "2024-08-06T22:28:42.059Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-0923 (GCVE-0-2010-0923)
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-09-17 00:11
CWE
- n/a
Summary
Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://websvn.kde.org/?view=revision\u0026revision=1089241" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.kde.org/show_bug.cgi?id=226449" }, { "name": "38600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/38600" }, { "name": "[oss-security] 20100212 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126600468622421\u0026w=2" }, { "name": "[oss-security] 20100212 Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126599909614401\u0026w=2" }, { "name": "[oss-security] 20100217 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/17/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://websvn.kde.org/?revision=1089213\u0026view=revision" }, { "name": "[oss-security] 20100212 CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=126598163422670\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=579280" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20100217-1.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213\u0026r2=1089212\u0026pathrev=1089213" }, { "name": "1023641", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023641" }, { "name": "ADV-2010-0409", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0409" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.kde.org/show_bug.cgi?id=217882" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-03-03T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://websvn.kde.org/?view=revision\u0026revision=1089241" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.kde.org/show_bug.cgi?id=226449" }, { "name": "38600", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/38600" }, { "name": "[oss-security] 20100212 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126600468622421\u0026w=2" }, { "name": "[oss-security] 20100212 Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126599909614401\u0026w=2" }, { "name": "[oss-security] 20100217 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/02/17/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://websvn.kde.org/?revision=1089213\u0026view=revision" }, { "name": "[oss-security] 20100212 CVE Request: KDE screensaver unlock issue similar to GNOME one", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=126598163422670\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=579280" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20100217-1.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213\u0026r2=1089212\u0026pathrev=1089213" }, { "name": 
"1023641", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023641" }, { "name": "ADV-2010-0409", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/0409" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.kde.org/show_bug.cgi?id=217882" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0923", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://websvn.kde.org/?view=revision\u0026revision=1089241", "refsource": "CONFIRM", "url": "http://websvn.kde.org/?view=revision\u0026revision=1089241" }, { "name": "http://bugs.kde.org/show_bug.cgi?id=226449", "refsource": "CONFIRM", "url": "http://bugs.kde.org/show_bug.cgi?id=226449" }, { "name": "38600", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38600" }, { "name": "[oss-security] 20100212 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126600468622421\u0026w=2" }, { "name": "[oss-security] 20100212 Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126599909614401\u0026w=2" }, { "name": "[oss-security] 20100217 Re: Re: CVE Request: KDE screensaver unlock issue similar to GNOME one", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/02/17/3" }, { "name": "http://websvn.kde.org/?revision=1089213\u0026view=revision", "refsource": "CONFIRM", "url": "http://websvn.kde.org/?revision=1089213\u0026view=revision" }, { "name": "[oss-security] 20100212 CVE Request: KDE screensaver unlock issue similar to GNOME one", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=126598163422670\u0026w=2" }, { "name": "https://bugzilla.novell.com/show_bug.cgi?id=579280", "refsource": "CONFIRM", "url": "https://bugzilla.novell.com/show_bug.cgi?id=579280" }, { "name": "http://www.kde.org/info/security/advisory-20100217-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20100217-1.txt" }, { "name": "http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213\u0026r2=1089212\u0026pathrev=1089213", "refsource": "CONFIRM", "url": 
"http://websvn.kde.org/trunk/KDE/kdebase/workspace/krunner/lock/lockdlg.cc?r1=1089213\u0026r2=1089212\u0026pathrev=1089213" }, { "name": "1023641", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023641" }, { "name": "ADV-2010-0409", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0409" }, { "name": "https://bugs.kde.org/show_bug.cgi?id=217882", "refsource": "CONFIRM", "url": "https://bugs.kde.org/show_bug.cgi?id=217882" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0923", "datePublished": "2010-03-03T19:00:00Z", "dateReserved": "2010-03-03T00:00:00Z", "dateUpdated": "2024-09-17T00:11:48.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1168 (GCVE-0-2011-1168)
Vulnerability from cvelistv5
Published
2011-04-18 18:00
Modified
2024-08-06 22:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:14:27.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0990", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0990" }, { "name": "MDVSA-2011:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:075" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517433/100/0/threaded" }, { "name": "44108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44108" }, { "name": "47304", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47304" }, { "name": "20110411 Medium severity flaw in Konqueror", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517432/100/0/threaded" }, { "name": "USN-1110-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1110-1" }, { "name": "ADV-2011-0928", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0928" }, { "name": "44065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44065" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695398" }, { "name": "8208", "tags": [ "third-party-advisory", 
"x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8208" }, { "name": "konqueror-khtmlparthtmlerror-xss(66697)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66697" }, { "name": "ADV-2011-0927", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0927" }, { "name": "SSA:2011-101-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE", "x_transferred" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.329727" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20110411-1.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc" }, { "name": "1025322", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025322" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2011-0990", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0990" }, { "name": "MDVSA-2011:075", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:075" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "20110412 Re: [Full-disclosure] Medium severity flaw in Konqueror", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517433/100/0/threaded" }, { "name": "44108", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44108" }, { "name": "47304", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47304" }, { "name": "20110411 Medium severity flaw in Konqueror", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517432/100/0/threaded" }, { "name": "USN-1110-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1110-1" }, { "name": "ADV-2011-0928", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0928" }, { "name": "44065", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44065" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=695398" }, { "name": "8208", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8208" }, { "name": 
"konqueror-khtmlparthtmlerror-xss(66697)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66697" }, { "name": "ADV-2011-0927", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0927" }, { "name": "SSA:2011-101-02", "tags": [ "vendor-advisory", "x_refsource_SLACKWARE" ], "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.329727" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20110411-1.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.nth-dimension.org.uk/pub/NDSA20110321.txt.asc" }, { "name": "1025322", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025322" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1168", "datePublished": "2011-04-18T18:00:00", "dateReserved": "2011-03-03T00:00:00", "dateUpdated": "2024-08-06T22:14:27.829Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1000 (GCVE-0-2010-1000)
Vulnerability from cvelistv5
Published
2010-05-17 20:42
Modified
2024-08-07 01:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:06:52.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40141", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40141" }, { "name": "USN-938-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "name": "ADV-2011-1101", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1101" }, { "name": "42423", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42423" }, { "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "name": "ADV-2010-1144", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "name": "MDVSA-2010:098", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:098" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2010-69/" }, { "name": "kde-name-directory-traversal(58628)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58628" }, { "name": "20100513 Secunia Research: KDE KGet metalink \"name\" Directory Traversal Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511281/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "name": "ADV-2010-3096", "tags": [ 
"vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "name": "FEDORA-2010-18029", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "name": "[oss-security] 20100513 KDENetwork vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "name": "39528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39528" }, { "name": "ADV-2010-1142", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "name": "FEDORA-2011-5211", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html" }, { "name": "1023984", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023984" }, { "name": "SUSE-SR:2010:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "name": "64690", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/64690" }, { "name": "39787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39787" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the 
name attribute of a file element in a metalink file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "40141", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40141" }, { "name": "USN-938-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "name": "ADV-2011-1101", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1101" }, { "name": "42423", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42423" }, { "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "name": "ADV-2010-1144", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "name": "MDVSA-2010:098", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:098" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2010-69/" }, { "name": "kde-name-directory-traversal(58628)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58628" }, { "name": "20100513 Secunia Research: KDE KGet metalink \"name\" Directory Traversal Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511281/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "name": "ADV-2010-3096", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": 
"http://www.vupen.com/english/advisories/2010/3096" }, { "name": "FEDORA-2010-18029", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "name": "[oss-security] 20100513 KDENetwork vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "name": "39528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39528" }, { "name": "ADV-2010-1142", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "name": "FEDORA-2011-5211", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html" }, { "name": "1023984", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023984" }, { "name": "SUSE-SR:2010:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "name": "64690", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/64690" }, { "name": "39787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39787" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-1000", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in 
the name attribute of a file element in a metalink file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40141", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40141" }, { "name": "USN-938-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "name": "ADV-2011-1101", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/1101" }, { "name": "42423", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/42423" }, { "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "name": "ADV-2010-1144", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "name": "MDVSA-2010:098", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:098" }, { "name": "http://secunia.com/secunia_research/2010-69/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-69/" }, { "name": "kde-name-directory-traversal(58628)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58628" }, { "name": "20100513 Secunia Research: KDE KGet metalink \"name\" Directory Traversal Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511281/100/0/threaded" }, { "name": "http://www.kde.org/info/security/advisory-20100513-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "name": "ADV-2010-3096", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "name": "FEDORA-2010-18029", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "name": "[oss-security] 20100513 KDENetwork vulnerabilities", "refsource": "MLIST", 
"url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "name": "39528", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39528" }, { "name": "ADV-2010-1142", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "name": "FEDORA-2011-5211", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html" }, { "name": "1023984", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023984" }, { "name": "SUSE-SR:2010:024", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "name": "64690", "refsource": "OSVDB", "url": "http://osvdb.org/64690" }, { "name": "39787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39787" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-1000", "datePublished": "2010-05-17T20:42:00", "dateReserved": "2010-03-18T00:00:00", "dateUpdated": "2024-08-07T01:06:52.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2725 (GCVE-0-2011-2725)
Vulnerability from cvelistv5
Published
2014-02-04 19:00
Modified
2024-08-06 23:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.781Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2012:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html" }, { "name": "20111007 Medium severity flaw with Ark", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2011/Oct/351" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725764" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=708268" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html" }, { "name": "USN-1276-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1276-1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-04T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2012:0322", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html" }, { "name": "20111007 Medium severity flaw with Ark", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2011/Oct/351" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725764" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.novell.com/show_bug.cgi?id=708268" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html" }, { "name": "USN-1276-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1276-1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2725", "datePublished": "2014-02-04T19:00:00", "dateReserved": "2011-07-11T00:00:00", "dateUpdated": "2024-08-06T23:08:23.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1511 (GCVE-0-2010-1511)
Vulnerability from cvelistv5
Published
2010-05-17 20:42
Modified
2024-08-07 01:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:28:41.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "40141", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/40141" }, { "name": "USN-938-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded" }, { "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "name": "ADV-2010-1144", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/secunia_research/2010-70/" }, { "name": "kde-metalink-file-overwrite(58629)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "name": "ADV-2010-3096", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "name": "FEDORA-2010-18029", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "name": "[oss-security] 20100513 KDENetwork vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": 
"http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "name": "39528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39528" }, { "name": "ADV-2010-1142", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "name": "1023984", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023984" }, { "name": "64689", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/64689" }, { "name": "39787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39787" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-13T00:00:00", "descriptions": [ { "lang": "en", "value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera" }, "references": [ { "name": "40141", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/40141" }, { "name": "USN-938-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded" }, { "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "name": "ADV-2010-1144", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "tags": [ "x_refsource_MISC" ], "url": "http://secunia.com/secunia_research/2010-70/" }, { "name": "kde-metalink-file-overwrite(58629)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "name": "ADV-2010-3096", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "name": "FEDORA-2010-18029", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "name": "[oss-security] 20100513 KDENetwork vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "name": "39528", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/39528" }, { "name": "ADV-2010-1142", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "name": "1023984", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023984" }, { "name": "64689", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/64689" }, { "name": "39787", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39787" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-1511", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "40141", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40141" }, { "name": "USN-938-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-938-1" }, { "name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded" }, { "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded" }, { "name": "ADV-2010-1144", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1144" }, { "name": "http://secunia.com/secunia_research/2010-70/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-70/" }, { "name": "kde-metalink-file-overwrite(58629)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629" }, { "name": "http://www.kde.org/info/security/advisory-20100513-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20100513-1.txt" }, { "name": "ADV-2010-3096", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/3096" }, { "name": "FEDORA-2010-18029", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html" }, { "name": "[oss-security] 20100513 KDENetwork vulnerabilities", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2" }, { "name": "39528", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39528" }, { "name": "ADV-2010-1142", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1142" }, { "name": "1023984", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023984" }, { "name": "64689", 
"refsource": "OSVDB", "url": "http://osvdb.org/64689" }, { "name": "39787", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39787" } ] } } } }, "cveMetadata": { "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-1511", "datePublished": "2010-05-17T20:42:00", "dateReserved": "2010-04-26T00:00:00", "dateUpdated": "2024-08-07T01:28:41.483Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }