This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Kde
Product: Kde Sc
Version: 4.3.1
Type: Application
First view: 2010-04-15
Last view: 2014-02-04
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:kde:kde_sc

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2014-02-04 CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

5 2013-09-16 CVE-2013-4132

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or an (4) invalid password to KCheckPass.

5.8 2011-04-26 CVE-2011-1586

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.

6.8 2010-08-30 CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

6.4 2010-05-17 CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

5.8 2010-05-17 CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

6.9 2010-04-15 CVE-2010-0436

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

CWE : Common Weakness Enumeration

% id Name
42% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
14% (1) CWE-362 Race Condition
14% (1) CWE-310 Cryptographic Issues
14% (1) CWE-264 Permissions, Privileges, and Access Controls
14% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
74943 KDE KGet ui/metalinkcreator/metalinker.cpp KGetMetalink::File::isValidNameAtt...
74180 KDE kdeutils Ark Traversal Arbitrary File Deletion
67454 KDE Okular generators/plucker/unpluck/image.cpp TranscribePalmImageToJPEG() F...
64690 KDE KGet file Element name Attribute Traversal Arbitrary File Creation
64689 KDE KGet Arbitrary Unacknowledged Download Arbitrary File Overwrite
63814 KDE KDM backend/ctrl.c Control Socket Race Condition Local Privilege Escalation

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-06-06 Name : RedHat Update for kdenetwork RHSA-2011:0465-01
File : nvt/gb_RHSA-2011_0465-01_kdenetwork.nasl
2011-11-25 Name : Ubuntu Update for kdeutils USN-1276-1
File : nvt/gb_ubuntu_USN_1276_1.nasl
2011-05-10 Name : Ubuntu Update for kdenetwork USN-1114-1
File : nvt/gb_ubuntu_USN_1114_1.nasl
2011-05-06 Name : Mandriva Update for kdenetwork4 MDVSA-2011:081 (kdenetwork4)
File : nvt/gb_mandriva_MDVSA_2011_081.nasl
2011-04-22 Name : Fedora Update for kdenetwork FEDORA-2011-5211
File : nvt/gb_fedora_2011_5211_kdenetwork_fc13.nasl
2010-12-09 Name : Fedora Update for kdenetwork FEDORA-2010-18029
File : nvt/gb_fedora_2010_18029_kdenetwork_fc12.nasl
2010-12-02 Name : Fedora Update for kdegraphics FEDORA-2010-13589
File : nvt/gb_fedora_2010_13589_kdegraphics_fc14.nasl
2010-08-30 Name : Fedora Update for kdegraphics FEDORA-2010-13629
File : nvt/gb_fedora_2010_13629_kdegraphics_fc13.nasl
2010-08-30 Name : Fedora Update for kdegraphics FEDORA-2010-13661
File : nvt/gb_fedora_2010_13661_kdegraphics_fc12.nasl
2010-08-30 Name : Mandriva Update for kdegraphics4 MDVSA-2010:162 (kdegraphics4)
File : nvt/gb_mandriva_MDVSA_2010_162.nasl
2010-08-30 Name : Ubuntu Update for kdegraphics vulnerability USN-979-1
File : nvt/gb_ubuntu_USN_979_1.nasl
2010-05-28 Name : Fedora Update for kde-l10n FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kde-l10n_fc12.nasl
2010-05-28 Name : Fedora Update for kdeaccessibility FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdeaccessibility_fc12.nasl
2010-05-28 Name : Fedora Update for kdeadmin FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdeadmin_fc12.nasl
2010-05-28 Name : Fedora Update for kdeartwork FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdeartwork_fc12.nasl
2010-05-28 Name : Fedora Update for kdebase-runtime FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdebase-runtime_fc12.nasl
2010-05-28 Name : Fedora Update for kdebase-workspace FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdebase-workspace_fc12.nasl
2010-05-28 Name : Fedora Update for kdebase FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdebase_fc12.nasl
2010-05-28 Name : Fedora Update for kdebindings FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdebindings_fc12.nasl
2010-05-28 Name : Fedora Update for kdeedu FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdeedu_fc12.nasl
2010-05-28 Name : Fedora Update for kdegames FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdegames_fc12.nasl
2010-05-28 Name : Fedora Update for kdegraphics FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdegraphics_fc12.nasl
2010-05-28 Name : Fedora Update for kdelibs FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdelibs_fc12.nasl
2010-05-28 Name : Fedora Update for kdemultimedia FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdemultimedia_fc12.nasl
2010-05-28 Name : Fedora Update for kdenetwork FEDORA-2010-8544
File : nvt/gb_fedora_2010_8544_kdenetwork_fc12.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-07-11 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kde4-kdm-140630.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_ark-120228.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kdenetwork4-101119.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_gwenview-100902.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-625.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-607.nasl - Type: ACT_GATHER_INFO
2013-11-29 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201311-20.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0348.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0465.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110421_kdenetwork_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20100414_kdebase_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-03-07 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_ark-120229.nasl - Type: ACT_GATHER_INFO
2011-11-22 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1276-1.nasl - Type: ACT_GATHER_INFO
2011-11-14 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_7fb9e7390e6d11e187cd00235a5f2c9a.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1114-1.nasl - Type: ACT_GATHER_INFO
2011-05-28 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2010-240-03.nasl - Type: ACT_GATHER_INFO
2011-05-28 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2010-110-02.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_kdenetwork4-101119.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_kdenetwork3-101119.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_kde4-kdnssd-101119.nasl - Type: ACT_GATHER_INFO
2011-05-03 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-081.nasl - Type: ACT_GATHER_INFO
2011-04-27 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5774.nasl - Type: ACT_GATHER_INFO
2011-04-22 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2011-0465.nasl - Type: ACT_GATHER_INFO
2011-04-21 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5211.nasl - Type: ACT_GATHER_INFO