37 matches found
EUVD-2014-8437
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-8600
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remot...
SUSE CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb...
Ubuntu: Security Advisory (USN-2414-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
FreeBSD : kde-runtime -- kdesu: displayed command truncated by unicode string terminator (41fe4724-06a2-11e7-8e3e-5453ed2e2b49)
Albert Astals Cid reports: A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extract...
Fedora Update for kde-runtime FEDORA-2015-0564
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
FreeBSD : kde-runtime -- incorrect CBC encryption handling (7a8a74d1-9c34-11e4-a40b-5453ed2e2b49)
Valentin Rusu reports: Until KDE Applications 14.12.0, kwalletd incorrectly handled CBC encryption blocks when encrypting secrets in kwl files. The secrets were still encrypted, but the result binary data corresponded to an ECB encrypted block instead of CBC. The ECB encryption algorithm, even i...
Fedora 21 : kde-runtime-4.14.3-3.fc21 (2015-0569)
Pull in upstream fixes for: CVE-2013-7252 kwallet: crypto misuse, and kio_sftp corruption. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...
Fedora Update for kde-runtime FEDORA-2015-0569
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for kde-runtime FEDORA-2014-15618
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb...
CVE-2014-8600
Removed by vendor...
CVE-2014-8600
CVE-2014-8600 covers multiple XSS vulnerabilities in KDE components: KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier. The issue arises from improper handling of URIs in an error message, allowing an attacker to inject arbitrary web script or HTML vi...
Fedora 21 : kde-runtime-4.14.3-2.fc21 (2014-15618)
New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
[USN-2414-1] KDE-Runtime vulnerability
Ubuntu Security Notice USN-2414-1, November 24, 2014: kde-runtime vulnerability. A security issue affects these releases of Ubuntu and its derivatives...
Fedora 20 : kde-runtime-4.14.3-2.fc20 (2014-15532)
New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to...
Fedora Update for kde-runtime FEDORA-2014-15532
Check the version of kde-runtime. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.868520");...
[SECURITY] Fedora 20 Update: kde-runtime-4.14.3-2.fc20
Core runtime for KDE 4...
Ubuntu 12.04 LTS : kde-runtime vulnerability (USN-2414-1)
Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary JavaScript. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...