22 matches found
RHEL 6 : kdelibs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kdelibs: prints passwords contained in HTTP URLs in error messages CVE-2013-2074 - kf5-kio, kdelibs:...
RHEL 5 : kdelibs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName CVE-2009-2702 - kf5-ki...
SUSE CVE-2017-6410
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...
Mageia: Security Advisory (MGASA-2017-0079)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 952-1] kde4libs security update
Package : kde4libs Version : 4:4.8.4-4+deb7u3 CVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422 Debian Bug : 856890 Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following...
Debian DSA-3849-1 : kde4libs - security update
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not...
[SECURITY] [DSA 3849-1] kde4libs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3849-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2017 https://www.debian.org/security/faq -...
[SECURITY] [DSA 3849-1] kde4libs security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3849-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 12, 2017 https://www.debian.org/security/faq -...
Debian Security Advisory DSA 3849-1 (kde4libs - security update)
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitiz...
Debian: Security Advisory (DSA-3849-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : kdelibs4 / kio (openSUSE-2017-334)
This update for kdelibs4, kio fixes the following issues : - CVE-2017-6410: Information Leak when accessing https when using a malicious PAC file boo1027520 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...
OPENSUSE-SU-2017:0680-1 Security update for kdelibs4, kio
This update for kdelibs4, kio fixes the following issues: - CVE-2017-6410: Information Leak when accessing https when using a malicious PAC file boo1027520...
Fedora 24 : kdelibs3 (2017-01eed6fe8c)
This kdelibs3 KDE 3 compatibility libraries update fixes the security issues : - CVE-2016-6232 karchive: Extraction of tar files possible to arbitrary system locations - CVE-2017-6410 kio: Information Leak when accessing https when using a malicious PAC file for the KDE 3 compatibility libraries...
Fedora 24 : 6:kdelibs (2017-b011e8c922)
Security fix for CVE-2017-6410 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
Fedora 25 : kdelibs3 (2017-4f4eef4791)
This kdelibs3 KDE 3 compatibility libraries update fixes the security issues : - CVE-2016-6232 karchive: Extraction of tar files possible to arbitrary system locations - CVE-2017-6410 kio: Information Leak when accessing https when using a malicious PAC file for the KDE 3 compatibility libraries...
Fedora 25 : 6:kdelibs (2017-53338ece0c)
Security fix for CVE-2017-6410 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
Fedora 25 : kf5-kio (2017-f9ab92fa6c)
Security fix for CVE-2017-6410 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
Fedora Update for kdelibs FEDORA-2017-53338ece0c
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for kf5-kio FEDORA-2017-f9ab92fa6c
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-6410
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL potentially including Basic Authentication credentials, a query string, or PATHINFO, which allows remote attackers to obtain sensitive information via a crafted PAC file...