Lucene search
K
KdeKde Sc

10 matches found

CVE
CVE
added 2011/04/18 6:0 p.m.110 views

CVE-2011-1168

CVE-2011-1168 describes an XSS vulnerability in Konqueror’s KDE SC 4.4.0–4.6.1 due to the KHTMLPart::htmlError handling. The flaw allows a remote attacker to inject arbitrary script/HTML by crafting the URI of an unavailable web site, via the error page rendering path in KHTML/KDelibs. Several co...

4.3CVSS5.8AI score0.02673EPSS
CVE
CVE
added 2011/11/29 5:0 p.m.98 views

CVE-2011-3365

CVE-2011-3365 affects KDE Libraries (KDE SC) where the KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0–4.7.1 (and possibly earlier) renders certificate fields in a security dialog using the wrong font, allowing remote attackers to spoof the certificate's common name (CN) via rich text. Connected advis...

4.3CVSS6.7AI score0.01134EPSS
CVE
CVE
added 2010/04/15 5:0 p.m.86 views

CVE-2010-0436

CVE-2010-0436 is a KDE KDM local privilege-escalation via a race condition in backend/ctrl.c; affects KDE SC 2.2.0–4.4.2, enabling a local user to change permissions of arbitrary files by blocking removal of a directory containing a control socket (ksm interaction). The issue is acknowledged in m...

6.9CVSS8.9AI score0.00279EPSS
CVE
CVE
added 2014/02/04 7:0 p.m.80 views

CVE-2011-2725

CVE-2011-2725 is a directory traversal vulnerability in Ark 4.7.x and earlier. A malicious zip file containing ".." sequences can cause remote attackers to delete or force the display of arbitrary files. Several advisories reference an Ark path traversal vulnerability (ARK) and cite the same CVE,...

6.8CVSS6.5AI score0.02952EPSS
CVE
CVE
added 2011/04/27 12:0 a.m.79 views

CVE-2011-1586

CVE-2011-1586 details (from provided docs): A directory traversal vulnerability in KDE’s KGet component (KGetMetalink::File::isValidNameAttr in ui/metalinkcreator/metalinker.cpp) affects KDE SC 4.6.2 and earlier. The issue allows remote attackers to create arbitrary files by using a .. (dot dot) ...

5.8CVSS6.9AI score0.03119EPSS
CVE
CVE
added 2010/08/30 8:0 p.m.74 views

CVE-2010-2575

CVE-2010-2575 affects Okular (KDE SC 4.3.0–4.5.0). A heap-based overflow in the RLE decompression path (TranscribePalmImageToJPEG in generators/plucker/inplug/image.cpp) can be triggered by a crafted image inside a PDB/PDF, enabling either a crash or remote arbitrary code execution. Multiple conn...

6.8CVSS8AI score0.04652EPSS
CVE
CVE
added 2010/05/17 8:42 p.m.70 views

CVE-2010-1000

CVE-2010-1000 affects KDE SC KGet (KDENETWORK) with directory traversal in the metalink file’s name attribute, enabling remote attackers to create arbitrary files via crafted metalink entries. Affected: KDE SC 4.0.0–4.4.3; vulnerability in KGetMetalink::File::isValidNameAttr. Impact: potential ar...

5.8CVSS9.3AI score0.03849EPSS
CVE
CVE
added 2010/05/17 8:42 p.m.69 views

CVE-2010-1511

CVE-2010-1511 affects KGet 2.4.2 within KDE SC 4.0.0–4.4.3. The flaw arises from not properly requesting download confirmation when processing a metalink, enabling a remote attacker to overwrite arbitrary files via a crafted metalink. CVSS metrics from NVD indicate Network access, Low attack comp...

6.4CVSS9.2AI score0.03323EPSS
CVE
CVE
added 2013/09/16 7:0 p.m.69 views

CVE-2013-4132

CVE-2013-4132 affects KDE Workspace kdebase4-workspace 4.10.5 and earlier. The issue is a NULL pointer dereference in the crypt()/pw_encrypt paths when handling certain salts or DES/MD5 passwords, exploitable to cause a denial of service (crash) in KDM or KCheckPass when FIPS-140 is enabled. Publ...

5CVSS7.4AI score0.02413EPSS
CVE
CVE
added 2010/03/03 7:0 p.m.61 views

CVE-2010-0923

The CVE-2010-0923 entry concerns KDE KDE SC 4.4.0, specifically the KRunner lock module’s file workspace/krunner/lock/lockdlg.cc. A race condition involving multiple forked processes can let physically proximate attackers bypass the KScreenSaver and access an unattended workstation by pressing th...

6.9CVSS6.7AI score0.00283EPSS