Kde Sc Security Vulnerabilities and Issues — Kde Sc CVE List

Lucene search

KdeKde Sc

10 matches found

CVE•added 2011/04/18 6:55 p.m.•77 views

CVE-2011-1168

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

4.3CVSS5.8AI score0.01514EPSS

CVE•added 2014/02/04 11:55 p.m.•66 views

CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

6.8CVSS6.5AI score0.00612EPSS

CVE•added 2010/04/15 5:30 p.m.•61 views

CVE-2010-0436

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interact...

6.9CVSS8.9AI score0.00026EPSS

CVE•added 2010/08/30 9:0 p.m.•61 views

CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via ...

6.8CVSS8AI score0.05146EPSS

CVE•added 2011/04/27 12:55 a.m.•58 views

CVE-2011-1586

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this ...

5.8CVSS6.9AI score0.024EPSS

CVE•added 2011/11/29 5:55 p.m.•58 views

CVE-2011-3365

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

4.3CVSS6.7AI score0.00234EPSS

CVE•added 2010/05/17 9:0 p.m.•56 views

CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

5.8CVSS9.3AI score0.024EPSS

CVE•added 2010/05/17 9:0 p.m.•56 views

CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

6.4CVSS9.2AI score0.06639EPSS

CVE•added 2013/09/16 7:14 p.m.•53 views

CVE-2013-4132

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-...

5CVSS7.4AI score0.00832EPSS

CVE•added 2010/03/03 7:30 p.m.•44 views

CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processe...

6.9CVSS6.7AI score0.00039EPSS