Summary
Detail | Value | Detail | Value |
---|---|---|---|
Vendor | Kde | First view | 2005-01-10 |
Product | Kdelibs | Last view | 2017-07-25 |
Version | | Type | |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
7 | 2017-07-25 | CVE-2015-7543 | aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. |
7.8 | 2017-05-17 | CVE-2017-8422 | KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. |
5.5 | 2017-03-02 | CVE-2017-6410 | kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. |
6.9 | 2014-08-19 | CVE-2014-5033 | KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." |
4.3 | 2014-07-01 | CVE-2014-3494 | kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate. |
5 | 2014-02-05 | CVE-2013-2074 | kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. |
7.5 | 2009-09-08 | CVE-2009-2702 | KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
7.5 | 2005-01-10 | CVE-2004-1165 | Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
28% (2) | CWE-362 | Race Condition |
28% (2) | CWE-200 | Information Exposure |
14% (1) | CWE-319 | Cleartext Transmission of Sensitive Information |
14% (1) | CWE-310 | Cryptographic Issues |
14% (1) | CWE-290 | Authentication Bypass by Spoofing |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:9645 | Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via... |
oval:org.mitre.oval:def:7682 | DSA-1916 kdelibs -- insufficient input validation |
oval:org.mitre.oval:def:13812 | USN-833-1 -- kde4libs, kdelibs vulnerability |
oval:org.mitre.oval:def:13376 | DSA-1916-1 kdelibs -- insufficient input validation |
oval:org.mitre.oval:def:18275 | USN-1842-1 -- kde4libs vulnerability |
oval:org.mitre.oval:def:26261 | USN-2304-1 -- kde4libs vulnerability |
oval:org.mitre.oval:def:26005 | DSA-3004-1 kde4libs - security update |
oval:org.mitre.oval:def:26969 | ELSA-2014-1359 -- polkit-qt security update |
oval:org.mitre.oval:def:26921 | RHSA-2014:1359: polkit-qt security update (Important) |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
57746 | KDE KSSL X.509 Certificate Authority (CA) Subject Alternative Name Null Byte ... |
12853 | Multiple Browser FTP Client Arbitrary Mail Send |
OpenVAS Exploits
Date | Description |
---|---|
2011-11-03 | Name : Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2011_162.nasl |
2011-04-11 | Name : Mandriva Update for kdelibs4 MDVSA-2011:071 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2011_071.nasl |
2010-05-28 | Name : Fedora Update for kdelibs FEDORA-2010-8547 File : nvt/gb_fedora_2010_8547_kdelibs_fc11.nasl |
2010-04-19 | Name : Fedora Update for kdelibs FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdelibs_fc11.nasl |
2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_027.nasl |
2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_028.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs) File : nvt/mdksa_2009_330.nasl |
2009-10-27 | Name : Debian Security Advisory DSA 1916-1 (kdelibs) File : nvt/deb_1916_1.nasl |
2009-09-15 | Name : Fedora Core 11 FEDORA-2009-9391 (kdelibs3) File : nvt/fcore_2009_9391.nasl |
2009-09-15 | Name : Fedora Core 11 FEDORA-2009-9397 (kdeaccessibility) File : nvt/fcore_2009_9397.nasl |
2009-09-15 | Name : Fedora Core 10 FEDORA-2009-9400 (kdelibs3) File : nvt/fcore_2009_9400.nasl |
2009-09-15 | Name : Fedora Core 10 FEDORA-2009-9427 (akonadi) File : nvt/fcore_2009_9427.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200501-18 (konqueror) File : nvt/glsa_200501_18.nasl |
2008-09-04 | Name : FreeBSD Ports: ja-kdelibs, kdelibs File : nvt/freebsd_ja-kdelibs0.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 631-1 (kdelibs) File : nvt/deb_631_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-dd51077c87.nasl - Type: ACT_GATHER_INFO |
2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-0898c704a1.nasl - Type: ACT_GATHER_INFO |
2017-07-13 | Name: The remote Virtuozzo host is missing a security update. File: Virtuozzo_VZLSA-2017-1264.nasl - Type: ACT_GATHER_INFO |
2017-06-28 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201706-29.nasl - Type: ACT_GATHER_INFO |
2017-05-26 | Name: The remote Debian host is missing a security update. File: debian_DLA-952.nasl - Type: ACT_GATHER_INFO |
2017-05-23 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2017-1264.nasl - Type: ACT_GATHER_INFO |
2017-05-23 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2017-1264.nasl - Type: ACT_GATHER_INFO |
2017-05-23 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2017-1264.nasl - Type: ACT_GATHER_INFO |
2017-05-23 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20170522_kdelibs_on_SL7_x.nasl - Type: ACT_GATHER_INFO |
2017-05-19 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-1335-1.nasl - Type: ACT_GATHER_INFO |
2017-05-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-8b4898ce81.nasl - Type: ACT_GATHER_INFO |
2017-05-17 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2017-136-02.nasl - Type: ACT_GATHER_INFO |
2017-05-16 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3286-1.nasl - Type: ACT_GATHER_INFO |
2017-05-16 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-575.nasl - Type: ACT_GATHER_INFO |
2017-05-16 | Name: The remote Fedora host is missing a security update. File: fedora_2017-aff6f6bd9d.nasl - Type: ACT_GATHER_INFO |
2017-05-16 | Name: The remote Fedora host is missing a security update. File: fedora_2017-7e3437b905.nasl - Type: ACT_GATHER_INFO |
2017-05-16 | Name: The remote Fedora host is missing a security update. File: fedora_2017-6bdbf57f29.nasl - Type: ACT_GATHER_INFO |
2017-05-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-3849.nasl - Type: ACT_GATHER_INFO |
2017-05-11 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_0baee383356c11e7b9a950e549ebab6c.nasl - Type: ACT_GATHER_INFO |
2017-03-14 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-334.nasl - Type: ACT_GATHER_INFO |
2017-03-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-b011e8c922.nasl - Type: ACT_GATHER_INFO |
2017-03-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-4f4eef4791.nasl - Type: ACT_GATHER_INFO |
2017-03-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-01eed6fe8c.nasl - Type: ACT_GATHER_INFO |
2017-03-10 | Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-3223-1.nasl - Type: ACT_GATHER_INFO |
2017-03-06 | Name: The remote Fedora host is missing a security update. File: fedora_2017-f9ab92fa6c.nasl - Type: ACT_GATHER_INFO |