10 matches found
CVE-2011-1168
CVE-2011-1168 describes an XSS vulnerability in Konqueror’s KDE SC 4.4.0–4.6.1 due to the KHTMLPart::htmlError handling. The flaw allows a remote attacker to inject arbitrary script/HTML by crafting the URI of an unavailable web site, via the error page rendering path in KHTML/KDelibs. Several co...
CVE-2011-3365
CVE-2011-3365 affects KDE Libraries (KDE SC) where the KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0–4.7.1 (and possibly earlier) renders certificate fields in a security dialog using the wrong font, allowing remote attackers to spoof the certificate's common name (CN) via rich text. Connected advis...
CVE-2010-0436
CVE-2010-0436 is a KDE KDM local privilege-escalation via a race condition in backend/ctrl.c; affects KDE SC 2.2.0–4.4.2, enabling a local user to change permissions of arbitrary files by blocking removal of a directory containing a control socket (ksm interaction). The issue is acknowledged in m...
CVE-2011-2725
CVE-2011-2725 is a directory traversal vulnerability in Ark 4.7.x and earlier. A malicious zip file containing ".." sequences can cause remote attackers to delete or force the display of arbitrary files. Several advisories reference an Ark path traversal vulnerability (ARK) and cite the same CVE,...
CVE-2011-1586
CVE-2011-1586 details (from provided docs): A directory traversal vulnerability in KDE’s KGet component (KGetMetalink::File::isValidNameAttr in ui/metalinkcreator/metalinker.cpp) affects KDE SC 4.6.2 and earlier. The issue allows remote attackers to create arbitrary files by using a .. (dot dot) ...
CVE-2010-2575
CVE-2010-2575 affects Okular (KDE SC 4.3.0–4.5.0). A heap-based overflow in the RLE decompression path (TranscribePalmImageToJPEG in generators/plucker/inplug/image.cpp) can be triggered by a crafted image inside a PDB/PDF, enabling either a crash or remote arbitrary code execution. Multiple conn...
CVE-2010-1000
CVE-2010-1000 affects KDE SC KGet (KDENETWORK) with directory traversal in the metalink file’s name attribute, enabling remote attackers to create arbitrary files via crafted metalink entries. Affected: KDE SC 4.0.0–4.4.3; vulnerability in KGetMetalink::File::isValidNameAttr. Impact: potential ar...
CVE-2010-1511
CVE-2010-1511 affects KGet 2.4.2 within KDE SC 4.0.0–4.4.3. The flaw arises from not properly requesting download confirmation when processing a metalink, enabling a remote attacker to overwrite arbitrary files via a crafted metalink. CVSS metrics from NVD indicate Network access, Low attack comp...
CVE-2013-4132
CVE-2013-4132 affects KDE Workspace kdebase4-workspace 4.10.5 and earlier. The issue is a NULL pointer dereference in the crypt()/pw_encrypt paths when handling certain salts or DES/MD5 passwords, exploitable to cause a denial of service (crash) in KDM or KCheckPass when FIPS-140 is enabled. Publ...
CVE-2010-0923
The CVE-2010-0923 entry concerns KDE KDE SC 4.4.0, specifically the KRunner lock module’s file workspace/krunner/lock/lockdlg.cc. A race condition involving multiple forked processes can let physically proximate attackers bypass the KScreenSaver and access an unattended workstation by pressing th...