Vulnerabilities related to kde - kdelibs
Vulnerability from fkie_nvd
Published
2009-09-08 18:30
Modified
2025-04-09 00:30
Summary
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kdelibs:3.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "EF92CC57-A136-4018-A350-44B8416E2111", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "D9184861-CD72-403A-B217-E58F7375D156", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "6DEE716D-C9EA-4BEB-9B60-A4C4512D9DF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." }, { "lang": "es", "value": "KDE KSSL en kdelibs v3.5.4, v4.2.4, y v4.3 no maneja apropiadamente un car\u00e1cter \u0027\\0\u0027 en un nombre de dominio en el campo Nombre de Asunto Alternativo de un certificado X.509, lo que permite a los atacantes \"hombre en el medio\" suplantar un servidor SLL a trav\u00e9s de certificados manipulados emitido por una Autoridad Certificadora leg\u00edtima, un asunto relativo a CVE-2009-2408." 
} ], "id": "CVE-2009-2702", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-09-08T18:30:00.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36468" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2532" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520661" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36468" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/2532" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520661" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Red Hat is aware of this issue and is 
tracking it via the following bug:\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2702\n\nThis issue did not affect kdelibs packages as shipped in Red Hat Enterprise Linux 3 and 4.\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 5.", "lastModified": "2009-09-18T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Summary
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kdelibs:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "6D9414A5-FE37-4B4E-8EA4-2D215B2F8CCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "FA65FE5A-5CB6-4C7D-91EC-C19EE762531E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0E0A1D62-CE49-4810-91F0-839FE98CE2E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E94D0BB-06BF-4E3A-AD7E-3FA68075EF62", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "E5A4DD7A-6E50-4D3B-B667-2068350048AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "4888F024-F126-48F1-A12F-1413EF981A79", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "C5B235AF-BA47-4F82-A3D8-16D70C987E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0F8B632D-0A40-4BEE-8CD5-4DD713DACD17", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:3.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C07A09FC-04EA-4EB8-9292-6D23CAE595EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:konqueror:3.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED38ED0A-3213-4F0C-A76D-DC88B8E5CFBE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." 
} ], "id": "CVE-2004-1165", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-01-10T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-631" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:045" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-009.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2005-065.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-631" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.mandriva.com/security/advisories?name=MDKSA-2005:045" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2005-065.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-05 19:55
Modified
2025-04-11 00:51
Summary
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*", "matchCriteriaId": "529D2FA3-7B25-46A9-B748-03BCBDC1ACA7", "versionEndIncluding": "4.10.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A1BF2C7-0945-4325-9514-F2F37E8CE43B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2C7808F-2203-43DF-808C-7A0B85367293", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "61937C14-55DF-4E30-947D-21EC3F418E62", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an \"internal server error,\" which includes the username and password in an error message." }, { "lang": "es", "value": "kioslave/http/http.cpp en KIO en kdelibs 4.10.3 y anteriores permite a atacantes remotos descubrir credenciales a trav\u00e9s de una solicitud manipulada que provoca un \"internal server error,\" el cual incluye el nombre de usuario y contrase\u00f1a en un mensaje de error." 
} ], "id": "CVE-2013-2074", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-05T19:55:28.703", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776" }, { "source": "secalert@redhat.com", "url": "http://ubuntu.com/usn/usn-1842-1" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/10/4" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/05/11/2" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/93244" }, { "source": "secalert@redhat.com", "url": "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://bugs.kde.org/show_bug.cgi?id=319428" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961981" }, { "source": "secalert@redhat.com", "url": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://ubuntu.com/usn/usn-1842-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.openwall.com/lists/oss-security/2013/05/10/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2013/05/11/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/93244" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://bugs.kde.org/show_bug.cgi?id=319428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-08-19 18:55
Modified
2025-04-12 10:46
Summary
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | kde4libs | - | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
kde | kauth | * | |
kde | kdelibs | * | |
kde | kdelibs | 4.10.0 | |
kde | kdelibs | 4.10.1 | |
kde | kdelibs | 4.10.2 | |
kde | kdelibs | 4.10.3 | |
kde | kdelibs | 4.10.95 | |
kde | kdelibs | 4.10.97 | |
kde | kdelibs | 4.11.0 | |
kde | kdelibs | 4.11.1 | |
kde | kdelibs | 4.11.2 | |
kde | kdelibs | 4.11.3 | |
kde | kdelibs | 4.11.4 | |
kde | kdelibs | 4.11.5 | |
kde | kdelibs | 4.11.80 | |
kde | kdelibs | 4.11.90 | |
kde | kdelibs | 4.11.95 | |
kde | kdelibs | 4.11.97 | |
kde | kdelibs | 4.12.0 | |
kde | kdelibs | 4.12.1 | |
kde | kdelibs | 4.12.2 | |
kde | kdelibs | 4.12.3 | |
kde | kdelibs | 4.12.4 | |
kde | kdelibs | 4.12.5 | |
kde | kdelibs | 4.12.80 | |
kde | kdelibs | 4.12.90 | |
kde | kdelibs | 4.12.95 | |
kde | kdelibs | 4.12.97 | |
kde | kdelibs | 4.13.0 | |
kde | kdelibs | 4.13.1 | |
kde | kdelibs | 4.13.2 | |
kde | kdelibs | 4.13.3 | |
kde | kdelibs | 4.13.80 | |
kde | kdelibs | 4.13.90 | |
kde | kdelibs | 4.13.95 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:debian:kde4libs:-:*:*:*:*:*:*:*", "matchCriteriaId": "F69F6CA3-205F-4A3B-B1EE-87A93D87CE81", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8DE7A5C-2C0F-4DD1-90E2-26891DC79575", "versionEndIncluding": "5.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*", "matchCriteriaId": "DED2728D-6EC3-4641-9972-F43AB4D1BB72", "versionEndIncluding": "4.13.97", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "4A1BF2C7-0945-4325-9514-F2F37E8CE43B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2C7808F-2203-43DF-808C-7A0B85367293", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "61937C14-55DF-4E30-947D-21EC3F418E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD7ECC09-0985-44AA-909E-86981CC13A9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:*", "matchCriteriaId": "3A7D10AF-E305-41F4-9154-7071E684C6B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*", "matchCriteriaId": "B34C3204-4A63-4490-ABED-AF83CE3F37E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "39EAE85E-BF52-45EA-82D8-BBBC0DE9759C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"4B4D1998-D62F-4D0E-8E6C-33D4760BE69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "13CD2D8F-32F6-4AC4-B43C-506724EA6E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "4733C600-C5D6-4A5D-A1DF-1F41597F6926", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC7EBD3A-EDFC-4B8F-9095-5E0670AF991E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "55EC512F-3F86-40DA-AA7B-034DA9B5DBA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*", "matchCriteriaId": "08FF236F-A7D5-4D08-8885-BD1889B0D398", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*", "matchCriteriaId": "5F5EDED4-34A3-4D2B-A9E7-D980D78E10EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*", "matchCriteriaId": "46457BB9-BD24-4437-AFDA-01D25E52410E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*", "matchCriteriaId": "52A2D11C-26D2-47F1-9D34-60DB3116C39E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A58204C3-0DEC-462B-A6B8-5EC1D9B65729", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C767A89D-BA45-4730-BA2D-AAC2BA7436E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A5FC4CC-DC0C-44D8-AAF6-A15CF7E6BD5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "24629660-4066-4362-AD77-080604488303", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "718095EE-ADEC-4E28-B678-DA3D636BBE32", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"EA3E3729-298F-43C3-9BE0-82072FE47F9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*", "matchCriteriaId": "B6FC3277-8410-437F-813A-63254E983A5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*", "matchCriteriaId": "88E2B874-46DF-4A95-9541-14CF70E2A73D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*", "matchCriteriaId": "1A593BA6-D3B2-48EE-AC9E-B84967D03B37", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*", "matchCriteriaId": "14034B30-9DE0-43EE-A79D-D4FC624D6C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A34BC1E-102D-43EF-A7BD-46E9866B07ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E66075-D997-4C6D-94AA-DE224B12BB2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "33DCF182-2AD8-4267-B425-1B0A7D2BC0EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "F572E904-3EE4-4B01-AA7B-EF5F7F643E37", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:*", "matchCriteriaId": "033ED945-4E0E-41AA-8B02-3BDCC0F27159", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:*", "matchCriteriaId": "C46B58D8-67F7-4920-8512-CB07C7446976", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:*", "matchCriteriaId": "E58C522E-8824-49B7-AAA9-6545E6DD5551", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) 
pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"" }, { "lang": "es", "value": "KDE kdelibs anterior a 4.14 y kauth anterior a 5.1 no utilizan debidamente D-Bus para la comunicaci\u00f3n con una autoridad polkit, lo que permite a usuarios locales evadir las restricciones de acceso mediante el aprovechamiento de una condici\u00f3n de carrera PolkitUnixProcess PolkitSubject a trav\u00e9s de un proceso (1) setuid o (2) pkexec, relacionado con el CVE-2013-4288 y \u0027condiciones de carrera de reuso PID.\u0027" } ], "id": "CVE-2014-5033", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-08-19T18:55:03.233", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "source": "cve@mitre.org", "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60385" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60633" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/60654" }, { 
"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-3004" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60633" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60654" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-3004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2304-1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-25 14:29
Modified
2025-04-20 01:37
Summary
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1280543 | Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1280543 | Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
artsproject | arts | 1.5.10 | |
kde | kdelibs | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:artsproject:arts:1.5.10:*:*:*:*:*:*:*", "matchCriteriaId": "24F76DC7-934E-470D-B757-F31264E67ADC", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*", "matchCriteriaId": "27AC69E4-4879-4EFE-888C-FA15C078FD17", "versionEndIncluding": "3.5.10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory." }, { "lang": "es", "value": "aRts versi\u00f3n 1.5.10 y kdelibs3 versi\u00f3n 3.5.10 y anteriores, no crean apropiadamente los directorios temporales, lo que permite a los usuarios locales secuestrar la IPC mediante la creaci\u00f3n previa del directorio temporal." } ], "id": "CVE-2015-7543", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.0, "impactScore": 5.9, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-25T14:29:00.177", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280543" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280543" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-05-17 14:29
Modified
2025-04-20 01:37
Summary
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kauth:*:*:*:*:*:*:*:*", "matchCriteriaId": "613FFB8B-CF03-4E1C-9D6D-C186A19B9F60", "versionEndIncluding": "5.33", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*", "matchCriteriaId": "08C24977-D991-43E7-AF7E-BA489EC00903", "versionEndIncluding": "4.14.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app." }, { "lang": "es", "value": "KDelibs de KDE antes de 4.14.32 y KAuth antes de 5.34 permiten que los usuarios locales obtengan privilegios de root por spoofing de un callerID y aprovechando una aplicaci\u00f3n de ayuda privilegiada." } ], "id": "CVE-2017-8422", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2017-05-17T14:29:00.387", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98412" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1038480" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:1264" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201706-29" }, { "source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/42053/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/98412" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1038480" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2017:1264" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201706-29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/42053/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-290" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-02 06:59
Modified
2025-04-20 01:37
Summary
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*", "matchCriteriaId": "D25FB8B5-DAB7-4E0F-A943-C2527F2CF791", "versionEndIncluding": "4.14.29", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kio:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1908C05-D44E-49AB-B7C7-F750D90FB070", "versionEndIncluding": "5.31", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file." }, { "lang": "es", "value": "kpac/script.cpp en KDE kio en versiones anteriores a 5.32 y kdelibs en versiones anteriores a 4.14.30 llama a la funci\u00f3n PAC FindProxyForURL con una URL https completa (incluyendo potencialmente credenciales de autenticaci\u00f3n b\u00e1sicas, una cadena de consulta o PATH_INFO), lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un archivo PAC manipulado." 
} ], "id": "CVE-2017-6410", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-02T06:59:01.183", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/96515" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.kde.org/info/security/advisory-20170228-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/96515" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://www.kde.org/info/security/advisory-20170228-1.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-319" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-01 16:55
Modified
2025-04-12 10:46
Summary
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
References
Impacted products
Vendor | Product | Version
---|---|---
opensuse | opensuse | 13.1
kde | kdelibs | 4.10.97
kde | kdelibs | 4.11.0
kde | kdelibs | 4.11.1
kde | kdelibs | 4.11.2
kde | kdelibs | 4.11.3
kde | kdelibs | 4.11.4
kde | kdelibs | 4.11.5
kde | kdelibs | 4.11.80
kde | kdelibs | 4.11.90
kde | kdelibs | 4.11.95
kde | kdelibs | 4.11.97
kde | kdelibs | 4.12.0
kde | kdelibs | 4.12.1
kde | kdelibs | 4.12.2
kde | kdelibs | 4.12.3
kde | kdelibs | 4.12.4
kde | kdelibs | 4.12.5
kde | kdelibs | 4.12.80
kde | kdelibs | 4.12.90
kde | kdelibs | 4.12.95
kde | kdelibs | 4.12.97
kde | kdelibs | 4.13.0
kde | kdelibs | 4.13.1
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*", "matchCriteriaId": "B34C3204-4A63-4490-ABED-AF83CE3F37E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "39EAE85E-BF52-45EA-82D8-BBBC0DE9759C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4D1998-D62F-4D0E-8E6C-33D4760BE69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "13CD2D8F-32F6-4AC4-B43C-506724EA6E38", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "4733C600-C5D6-4A5D-A1DF-1F41597F6926", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC7EBD3A-EDFC-4B8F-9095-5E0670AF991E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "55EC512F-3F86-40DA-AA7B-034DA9B5DBA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*", "matchCriteriaId": "08FF236F-A7D5-4D08-8885-BD1889B0D398", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*", "matchCriteriaId": "5F5EDED4-34A3-4D2B-A9E7-D980D78E10EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*", "matchCriteriaId": "46457BB9-BD24-4437-AFDA-01D25E52410E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*", "matchCriteriaId": "52A2D11C-26D2-47F1-9D34-60DB3116C39E", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A58204C3-0DEC-462B-A6B8-5EC1D9B65729", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C767A89D-BA45-4730-BA2D-AAC2BA7436E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A5FC4CC-DC0C-44D8-AAF6-A15CF7E6BD5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "24629660-4066-4362-AD77-080604488303", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "718095EE-ADEC-4E28-B678-DA3D636BBE32", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA3E3729-298F-43C3-9BE0-82072FE47F9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*", "matchCriteriaId": "B6FC3277-8410-437F-813A-63254E983A5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*", "matchCriteriaId": "88E2B874-46DF-4A95-9541-14CF70E2A73D", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*", "matchCriteriaId": "1A593BA6-D3B2-48EE-AC9E-B84967D03B37", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*", "matchCriteriaId": "14034B30-9DE0-43EE-A79D-D4FC624D6C86", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A34BC1E-102D-43EF-A7BD-46E9866B07ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E66075-D997-4C6D-94AA-DE224B12BB2D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate." 
}, { "lang": "es", "value": "kio/usernotificationhandler.cpp en POP3 kioslave en kdelibs 4.10.95 anterior a 4.13.3 no genera debidamente notificaciones de aviso, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible a trav\u00e9s de un certificado inv\u00e1lido." } ], "id": "CVE-2014-3494", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-07-01T16:55:02.980", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=bbae87dc1be3ae063796a582774bd5642cacdd5d\u0026hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/68113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=bbae87dc1be3ae063796a582774bd5642cacdd5d\u0026hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Vendor Advisory" ], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68113" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-2702 (GCVE-0-2009-2702)
Vulnerability from cvelistv5
Published
2009-09-08 18:00
Modified
2024-08-07 05:59
CWE
- n/a
Summary
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:56.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520661" }, { "name": "MDVSA-2009:330", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "name": "36468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36468" }, { "name": "MDVSA-2011:162", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "name": "ADV-2009-2532", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/2532" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-09-03T00:00:00", "descriptions": [ { "lang": "en", "value": "KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2009-12-17T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520661" }, { "name": "MDVSA-2009:330", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "name": "36468", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36468" }, { "name": "MDVSA-2011:162", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "name": "ADV-2009-2532", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/2532" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2702", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \u0027\\0\u0027 character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=520661", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=520661" }, { "name": "MDVSA-2009:330", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:330" }, { "name": "36468", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/36468" }, { "name": "MDVSA-2011:162", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:162" }, { "name": "ADV-2009-2532", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/2532" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2702", "datePublished": "2009-09-08T18:00:00", "dateReserved": "2009-08-05T00:00:00", "dateUpdated": "2024-08-07T05:59:56.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-6410 (GCVE-0-2017-6410)
Vulnerability from cvelistv5
Published
2017-03-02 06:00
Modified
2024-08-05 15:25
CWE
- n/a
Summary
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:25:49.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3849", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3849" }, { "name": "96515", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96515" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.kde.org/info/security/advisory-20170228-1.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-11-03T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3849", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3849" }, { "name": "96515", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96515" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.kde.org/info/security/advisory-20170228-1.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6410", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3849", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "name": "96515", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96515" }, { "name": "https://www.kde.org/info/security/advisory-20170228-1.txt", "refsource": "CONFIRM", "url": "https://www.kde.org/info/security/advisory-20170228-1.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6410", "datePublished": "2017-03-02T06:00:00", "dateReserved": "2017-03-01T00:00:00", "dateUpdated": "2024-08-05T15:25:49.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-8422 (GCVE-0-2017-8422)
Vulnerability from cvelistv5
Published
2017-05-17 14:00
Modified
2024-08-05 16:34
CWE
- n/a
Summary
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:34:22.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1038480", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038480" }, { "name": "42053", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/42053/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "name": "98412", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98412" }, { "name": "GLSA-201706-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201706-29" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "name": "DSA-3849", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3849" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "name": "[oss-security] 20170510 generic kde LPE", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "name": "RHSA-2017:1264", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2017:1264" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-05-10T00:00:00", "descriptions": 
[ { "lang": "en", "value": "KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-04T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1038480", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038480" }, { "name": "42053", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/42053/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "name": "98412", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98412" }, { "name": "GLSA-201706-29", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201706-29" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "name": "DSA-3849", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3849" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "name": "[oss-security] 20170510 generic kde LPE", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, { "name": "RHSA-2017:1264", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2017:1264" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8422", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1038480", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038480" }, { "name": "42053", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42053/" }, { "name": "https://www.kde.org/info/security/advisory-20170510-1.txt", "refsource": "CONFIRM", "url": "https://www.kde.org/info/security/advisory-20170510-1.txt" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449647" }, { "name": "98412", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98412" }, { "name": "GLSA-201706-29", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201706-29" }, { "name": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab", "refsource": "CONFIRM", "url": "https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab" }, { "name": "DSA-3849", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3849" }, { "name": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a", "refsource": "CONFIRM", "url": "https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a" }, { "name": "[oss-security] 20170510 generic kde LPE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/05/10/3" }, 
{ "name": "RHSA-2017:1264", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:1264" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-8422", "datePublished": "2017-05-17T14:00:00", "dateReserved": "2017-05-02T00:00:00", "dateUpdated": "2024-08-05T16:34:22.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1165 (GCVE-0-2004-1165)
Vulnerability from cvelistv5
Published
2004-12-10 05:00
Modified
2024-08-08 00:39
CWE
- n/a
Summary
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:39:01.154Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2005:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-065.html" }, { "name": "GLSA-200501-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml" }, { "name": "oval:org.mitre.oval:def:9645", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645" }, { "name": "web-browser-ftp-command-execution(18384)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "name": "DSA-631", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-631" }, { "name": "20041205 7a69Adv#16 - Konqueror FTP command injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2" }, { "name": "RHSA-2005:009", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-009.html" }, { "name": "MDKSA-2005:045", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:045" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") 
before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2005:065", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-065.html" }, { "name": "GLSA-200501-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml" }, { "name": "oval:org.mitre.oval:def:9645", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645" }, { "name": "web-browser-ftp-command-execution(18384)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "name": "DSA-631", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-631" }, { "name": "20041205 7a69Adv#16 - Konqueror FTP command injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2" }, { "name": "RHSA-2005:009", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-009.html" }, { "name": "MDKSA-2005:045", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:045" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1165", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } 
}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline (\"%0a\") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2005:065", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-065.html" }, { "name": "GLSA-200501-18", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml" }, { "name": "oval:org.mitre.oval:def:9645", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9645" }, { "name": "web-browser-ftp-command-execution(18384)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18384" }, { "name": "DSA-631", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-631" }, { "name": "20041205 7a69Adv#16 - Konqueror FTP command injection", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=110245752232681\u0026w=2" }, { "name": "RHSA-2005:009", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2005-009.html" }, { "name": "MDKSA-2005:045", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:045" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1165", "datePublished": "2004-12-10T05:00:00", "dateReserved": "2004-12-09T00:00:00", "dateUpdated": "2024-08-08T00:39:01.154Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-5033 (GCVE-0-2014-5033)
Vulnerability from cvelistv5
Published
2014-08-19 18:00
Modified
2024-08-06 11:34
CWE
- n/a
Summary
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:34:37.288Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "60385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60385" }, { "name": "RHSA-2014:1359", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "name": "DSA-3004", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3004" }, { "name": "USN-2304-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "name": "60654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60654" }, { "name": "openSUSE-SU-2014:0981", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "name": "60633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/60633" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-07-30T00:00:00", "descriptions": [ { "lang": "en", "value": "KDE kdelibs before 4.14 and kauth before 5.1 does not 
properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-10-14T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "60385", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60385" }, { "name": "RHSA-2014:1359", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "name": "DSA-3004", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3004" }, { "name": "USN-2304-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "name": "60654", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60654" }, { "name": "openSUSE-SU-2014:0981", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "name": "60633", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/60633" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5033", 
"STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and \"PID reuse race conditions.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "60385", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60385" }, { "name": "RHSA-2014:1359", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1359.html" }, { "name": "DSA-3004", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3004" }, { "name": "USN-2304-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2304-1" }, { "name": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a", "refsource": "CONFIRM", "url": "http://quickgit.kde.org/?p=kauth.git\u0026a=commit\u0026h=341b7d84b6d9c03cf56905cb277b47e11c81482a" }, { "name": "http://www.kde.org/info/security/advisory-20140730-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20140730-1.txt" }, { "name": "60654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60654" }, { "name": "openSUSE-SU-2014:0981", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html" }, { "name": "60633", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60633" }, { "name": 
"http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23", "refsource": "CONFIRM", "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=e4e7b53b71e2659adaf52691d4accc3594203b23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5033", "datePublished": "2014-08-19T18:00:00", "dateReserved": "2014-07-22T00:00:00", "dateUpdated": "2024-08-06T11:34:37.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2074 (GCVE-0-2013-2074)
Vulnerability from cvelistv5
Published
2014-02-05 19:00
Modified
2024-08-06 15:27
CWE
- n/a
Summary
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:39.169Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20130510 CVE request: password exposure in kdelibs when showing \"internal server error\" messages", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/10/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961981" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp" }, { "name": "[oss-security] 20130510 Re: CVE request: password exposure in kdelibs when showing \"internal server error\" messages", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/11/2" }, { "name": "93244", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/93244" }, { "name": "USN-1842-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://ubuntu.com/usn/usn-1842-1" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.kde.org/show_bug.cgi?id=319428" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-05-06T00:00:00", "descriptions": [ { "lang": "en", "value": "kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover 
credentials via a crafted request that triggers an \"internal server error,\" which includes the username and password in an error message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-05T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20130510 CVE request: password exposure in kdelibs when showing \"internal server error\" messages", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/10/4" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=961981" }, { "tags": [ "x_refsource_MISC" ], "url": "https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp" }, { "name": "[oss-security] 20130510 Re: CVE request: password exposure in kdelibs when showing \"internal server error\" messages", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/05/11/2" }, { "name": "93244", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/93244" }, { "name": "USN-1842-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://ubuntu.com/usn/usn-1842-1" }, { "tags": [ "x_refsource_MISC" ], "url": "http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.kde.org/show_bug.cgi?id=319428" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2074", "datePublished": "2014-02-05T19:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:27:39.169Z", "state": "PUBLISHED" 
}, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3494 (GCVE-0-2014-3494)
Vulnerability from cvelistv5
Published
2014-07-01 16:00
Modified
2024-08-06 10:43
CWE
- n/a
Summary
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:43:06.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2015:0573", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "name": "68113", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/68113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=bbae87dc1be3ae063796a582774bd5642cacdd5d\u0026hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-03-25T12:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "openSUSE-SU-2015:0573", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html" }, { "name": "68113", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/68113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://quickgit.kde.org/?p=kdelibs.git\u0026a=commitdiff\u0026h=bbae87dc1be3ae063796a582774bd5642cacdd5d\u0026hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3494", "datePublished": "2014-07-01T16:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-7543 (GCVE-0-2015-7543)
Vulnerability from cvelistv5
Published
2017-07-25 14:00
Modified
2024-08-06 07:51
CWE
- n/a
Summary
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T07:51:28.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280543" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-11-11T00:00:00", "descriptions": [ { "lang": "en", "value": "aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-25T13:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1280543" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-7543", "datePublished": "2017-07-25T14:00:00", "dateReserved": "2015-09-29T00:00:00", "dateUpdated": "2024-08-06T07:51:28.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }