10 matches found
Fedora 21 : kde-runtime-4.14.3-2.fc21 (2014-15618)
New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora 20 : kde-runtime-4.14.3-2.fc20 (2014-15532)
New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
IO Slaves KDE Insufficient Input Validation
Vulnerability title: Insufficient Input Validation By IO Slaves In KDE e.V. KDE CVE: CVE-2014-8600 Vendor: KDE e.V. Product: KDE Affected version: kwebkitpart alert"$proto"+document.domain;" done Further details at:...
KDE <= 4.3.2 Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/36845/info KDE is prone to multiple input-validation vulnerabilities that affect 'Ark', 'IO Slaves', and 'Kmail'. An attacker can exploit these issues by tricking an unsuspecting victim into opening a malicious file. A...
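KDE XMLHttpRequest security bypass and kioslave input validation vulnerabilities
KDE is an open source graphical desktop environment for UNIX. KDE has multiple security vulnerabilities, as follows: Ark input sanitization error: The KDE archiving tool performs insufficient validation, so specially crafted archive files using unknown MIME types, when rendered with a KHTML instance, can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves input sanitization error: KDE protocol handlers perform insufficient input validation; an attacker can craft a malicious URI that triggers JavaScript execution, and the 'help://' protocol handler is additionally subject to a directory traversal attack. Note, however, that the malicious URIs for this issue cannot be embedded in Internet-domain content. KMail input sanitization error:...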
FreeBSD : KDE -- multiple vulnerabilities (6f358f5a-c7ea-11de-a9f3-0030843d3802)
oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves...
KDE -- multiple vulnerabilities
oCERT reports: Ark input sanitization errors: The KDE archiving tool, Ark, performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. IO Slaves inp...
[oCERT-2009-015] KDE multiple issues
2009-015 KDE multiple issues Description: KDE, an open source desktop environment, suffers from several bugs that pose a security risk. The oCERT team was contacted by Portcullis Security requesting help in handling a series of issues reported to the KDE project back in July 2007. Because of an...
KDE 4.3.2 - Multiple Input Validation Vulnerabilities
KDE 4.3.2 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/36845/info KDE is prone to multiple input-validation vulnerabilities that affect 'Ark', 'IO Slaves', and 'Kmail'. An attacker can exploit these issues by tricking an unsuspecting victim into opening a...
KDE 4.3.2 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/36845/info KDE is prone to multiple input-validation vulnerabilities that affect 'Ark', 'IO Slaves', and 'Kmail'. An attacker can exploit these issues by tricking an unsuspecting victim into opening a malicious file. A successful attack will allow arbitra...