Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
KdeKdelibs

8 matches found

CVE
CVEadded 2009/09/08 6:30 p.m.89 views

CVE-2009-2702

KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification ...

7.5CVSS6AI score0.01236EPSS
CVE
CVEadded 2017/05/17 2:29 p.m.78 views

CVE-2017-8422

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

7.8CVSS7.3AI score0.00373EPSS
CVE
CVEadded 2017/03/02 6:59 a.m.68 views

CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file...

5.5CVSS5.2AI score0.00288EPSS
CVE
CVEadded 2014/08/19 6:55 p.m.67 views

CVE-2014-5033

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related ...

6.9CVSS7.5AI score0.00034EPSS
CVE
CVEadded 2017/07/25 2:29 p.m.61 views

CVE-2015-7543

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.

7CVSS6.5AI score0.00103EPSS
CVE
CVEadded 2005/01/10 5:0 a.m.60 views

CVE-2004-1165

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

7.5CVSS7.2AI score0.11107EPSS
CVE
CVEadded 2014/02/05 7:55 p.m.58 views

CVE-2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

5CVSS7.3AI score0.01467EPSS
CVE
CVEadded 2014/07/01 4:55 p.m.57 views

CVE-2014-3494

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

4.3CVSS8.1AI score0.0018EPSS