This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Kde
Product: Kde Sc
Version: 4.4.0
Update: beta2
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2010-05-17
Last view: 2014-02-04
 
CPE Product cpe:2.3:a:kde:kde_sc

Related : CVE

Score Date Alert Description
6.8 2014-02-04 CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

5 2013-09-16 CVE-2013-4132

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or an (4) invalid password to KCheckPass.

5.8 2011-04-26 CVE-2011-1586

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.

4.3 2011-04-18 CVE-2011-1168

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

6.4 2010-05-17 CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

5.8 2010-05-17 CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

CWE : Common Weakness Enumeration

% id Name
50% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
16% (1) CWE-310 Cryptographic Issues
16% (1) CWE-264 Permissions, Privileges, and Access Controls
16% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
74943 KDE KGet ui/metalinkcreator/metalinker.cpp KGetMetalink::File::isValidNameAtt...
74180 KDE kdeutils Ark Traversal Arbitrary File Deletion
71876 KDE Konqueror khtml/khtml_part.cpp KHTMLPart::htmlError() Function Error Page...
64690 KDE KGet file Element name Attribute Traversal Arbitrary File Creation
64689 KDE KGet Arbitrary Unacknowledged Download Arbitrary File Overwrite

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-06-06 Name : RedHat Update for kdelibs RHSA-2011:0464-01
File : nvt/gb_RHSA-2011_0464-01_kdelibs.nasl
2012-06-06 Name : RedHat Update for kdenetwork RHSA-2011:0465-01
File : nvt/gb_RHSA-2011_0465-01_kdenetwork.nasl
2011-11-25 Name : Ubuntu Update for kdeutils USN-1276-1
File : nvt/gb_ubuntu_USN_1276_1.nasl
2011-05-10 Name : Ubuntu Update for kde4libs USN-1110-1
File : nvt/gb_ubuntu_USN_1110_1.nasl
2011-05-10 Name : Ubuntu Update for kdenetwork USN-1114-1
File : nvt/gb_ubuntu_USN_1114_1.nasl
2011-05-06 Name : Mandriva Update for kdenetwork4 MDVSA-2011:081 (kdenetwork4)
File : nvt/gb_mandriva_MDVSA_2011_081.nasl
2011-04-22 Name : Fedora Update for kdemultimedia FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdemultimedia_fc14.nasl
2011-04-22 Name : Fedora Update for geeqie FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_geeqie_fc14.nasl
2011-04-22 Name : Fedora Update for kdelibs FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdelibs_fc14.nasl
2011-04-22 Name : Fedora Update for kdegraphics FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdegraphics_fc14.nasl
2011-04-22 Name : Fedora Update for kdegames FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdegames_fc14.nasl
2011-04-22 Name : Fedora Update for kdeedu FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeedu_fc14.nasl
2011-04-22 Name : Fedora Update for kdebindings FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebindings_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase-workspace FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase-workspace_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase-runtime FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase-runtime_fc14.nasl
2011-04-22 Name : Fedora Update for kdeartwork FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeartwork_fc14.nasl
2011-04-22 Name : Fedora Update for kdeadmin FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeadmin_fc14.nasl
2011-04-22 Name : Fedora Update for kdeaccessibility FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeaccessibility_fc14.nasl
2011-04-22 Name : Fedora Update for kde-l10n FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kde-l10n_fc14.nasl
2011-04-22 Name : Fedora Update for immix FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_immix_fc14.nasl
2011-04-22 Name : Fedora Update for hugin FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_hugin_fc14.nasl
2011-04-22 Name : Fedora Update for gthumb FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gthumb_fc14.nasl
2011-04-22 Name : Fedora Update for gpscorrelate FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gpscorrelate_fc14.nasl
2011-04-22 Name : Fedora Update for gnome-commander FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gnome-commander_fc14.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-07-11 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kde4-kdm-140630.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_ark-120228.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kdenetwork4-101119.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-625.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-607.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0464.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0465.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110421_kdenetwork_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110421_kdelibs_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-03-07 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_ark-120229.nasl - Type: ACT_GATHER_INFO
2011-11-22 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1276-1.nasl - Type: ACT_GATHER_INFO
2011-11-14 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_7fb9e7390e6d11e187cd00235a5f2c9a.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1114-1.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1110-1.nasl - Type: ACT_GATHER_INFO
2011-05-28 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2011-101-02.nasl - Type: ACT_GATHER_INFO
2011-05-27 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2011-05-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_kde4-kdnssd-101119.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_kdenetwork4-101119.nasl - Type: ACT_GATHER_INFO
2011-05-05 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_kdenetwork3-101119.nasl - Type: ACT_GATHER_INFO
2011-05-03 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2011-081.nasl - Type: ACT_GATHER_INFO
2011-04-27 Name: The remote Fedora host is missing a security update.
File: fedora_2011-5774.nasl - Type: ACT_GATHER_INFO