This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Kde First view 2005-01-10
Product Kdelibs Last view 2017-07-25
Version Type
Update  
Edition  
Language  
Software Edition  
Target Software  
Target Hardware  
Other  

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:kde:kdelibs:3.1.5:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.1.4:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.5.4:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.1.3:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.1.2:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.1.1:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.1:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.2.1:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.2:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:3.2.2:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kdelibs:4.3:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kdelibs:4.2.4:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.10.3:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.10.1:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.10.2:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.10.0:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:* 4
cpe:2.3:a:kde:kdelibs:4.13.95:*:*:*:*:*:*:* 3
cpe:2.3:a:kde:kdelibs:4.13.3:*:*:*:*:*:*:* 3
cpe:2.3:a:kde:kdelibs:4.10.95:*:*:*:*:*:*:* 3
cpe:2.3:a:kde:kdelibs:4.13.90:*:*:*:*:*:*:* 3
cpe:2.3:a:kde:kdelibs:4.13.80:*:*:*:*:*:*:* 3
cpe:2.3:a:kde:kdelibs:4.13.2:*:*:*:*:*:*:* 3

Related : CVE

  Date Alert Description
7 2017-07-25 CVE-2015-7543

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.

7.8 2017-05-17 CVE-2017-8422

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.

5.5 2017-03-02 CVE-2017-6410

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.

6.9 2014-08-19 CVE-2014-5033

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."

4.3 2014-07-01 CVE-2014-3494

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

5 2014-02-05 CVE-2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

7.5 2009-09-08 CVE-2009-2702

KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

7.5 2005-01-10 CVE-2004-1165

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

CWE : Common Weakness Enumeration

% id Name
28% (2) CWE-362 Race Condition
28% (2) CWE-200 Information Exposure
14% (1) CWE-319 Cleartext Transmission of Sensitive Information
14% (1) CWE-310 Cryptographic Issues
14% (1) CWE-290 Authentication Bypass by Spoofing

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:9645 Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via...
oval:org.mitre.oval:def:7682 DSA-1916 kdelibs -- insufficient input validation
oval:org.mitre.oval:def:13812 USN-833-1 -- kde4libs, kdelibs vulnerability
oval:org.mitre.oval:def:13376 DSA-1916-1 kdelibs -- insufficient input validation
oval:org.mitre.oval:def:18275 USN-1842-1 -- kde4libs vulnerability
oval:org.mitre.oval:def:26261 USN-2304-1 -- kde4libs vulnerability
oval:org.mitre.oval:def:26005 DSA-3004-1 kde4libs - security update
oval:org.mitre.oval:def:26969 ELSA-2014-1359 -- polkit-qt security update
oval:org.mitre.oval:def:26921 RHSA-2014:1359: polkit-qt security update (Important)

Open Source Vulnerability Database (OSVDB)

id Description
57746 KDE KSSL X.509 Certificate Authority (CA) Subject Alternative Name Null Byte ...
12853 Multiple Browser FTP Client Arbitrary Mail Send

OpenVAS Exploits

id Description
2011-11-03 Name : Mandriva Update for kdelibs4 MDVSA-2011:162 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2011_162.nasl
2011-04-11 Name : Mandriva Update for kdelibs4 MDVSA-2011:071 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2011_071.nasl
2010-05-28 Name : Fedora Update for kdelibs FEDORA-2010-8547
File : nvt/gb_fedora_2010_8547_kdelibs_fc11.nasl
2010-04-19 Name : Fedora Update for kdelibs FEDORA-2010-6077
File : nvt/gb_fedora_2010_6077_kdelibs_fc11.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_027.nasl
2010-01-29 Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4)
File : nvt/gb_mandriva_MDVSA_2010_028.nasl
2009-12-14 Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs)
File : nvt/mdksa_2009_330.nasl
2009-10-27 Name : Debian Security Advisory DSA 1916-1 (kdelibs)
File : nvt/deb_1916_1.nasl
2009-09-15 Name : Fedora Core 11 FEDORA-2009-9391 (kdelibs3)
File : nvt/fcore_2009_9391.nasl
2009-09-15 Name : Fedora Core 11 FEDORA-2009-9397 (kdeaccessibility)
File : nvt/fcore_2009_9397.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9400 (kdelibs3)
File : nvt/fcore_2009_9400.nasl
2009-09-15 Name : Fedora Core 10 FEDORA-2009-9427 (akonadi)
File : nvt/fcore_2009_9427.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200501-18 (konqueror)
File : nvt/glsa_200501_18.nasl
2008-09-04 Name : FreeBSD Ports: ja-kdelibs, kdelibs
File : nvt/freebsd_ja-kdelibs0.nasl
2008-01-17 Name : Debian Security Advisory DSA 631-1 (kdelibs)
File : nvt/deb_631_1.nasl

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-dd51077c87.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-0898c704a1.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1264.nasl - Type: ACT_GATHER_INFO
2017-06-28 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201706-29.nasl - Type: ACT_GATHER_INFO
2017-05-26 Name: The remote Debian host is missing a security update.
File: debian_DLA-952.nasl - Type: ACT_GATHER_INFO
2017-05-23 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1264.nasl - Type: ACT_GATHER_INFO
2017-05-23 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1264.nasl - Type: ACT_GATHER_INFO
2017-05-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1264.nasl - Type: ACT_GATHER_INFO
2017-05-23 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170522_kdelibs_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2017-05-19 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1335-1.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8b4898ce81.nasl - Type: ACT_GATHER_INFO
2017-05-17 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2017-136-02.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3286-1.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-575.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-aff6f6bd9d.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7e3437b905.nasl - Type: ACT_GATHER_INFO
2017-05-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-6bdbf57f29.nasl - Type: ACT_GATHER_INFO
2017-05-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-3849.nasl - Type: ACT_GATHER_INFO
2017-05-11 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_0baee383356c11e7b9a950e549ebab6c.nasl - Type: ACT_GATHER_INFO
2017-03-14 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-334.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b011e8c922.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-4f4eef4791.nasl - Type: ACT_GATHER_INFO
2017-03-13 Name: The remote Fedora host is missing a security update.
File: fedora_2017-01eed6fe8c.nasl - Type: ACT_GATHER_INFO
2017-03-10 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-3223-1.nasl - Type: ACT_GATHER_INFO
2017-03-06 Name: The remote Fedora host is missing a security update.
File: fedora_2017-f9ab92fa6c.nasl - Type: ACT_GATHER_INFO