This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Kde
Product: Kde Sc
Version: 4.4.2
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
First view: 2010-04-15
Last view: 2014-02-04
Type: Application

CPE Product: cpe:2.3:a:kde:kde_sc

Related : CVE

Score Date Alert Description
6.8 2014-02-04 CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

5 2013-09-16 CVE-2013-4132

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or (4) an invalid password to KCheckPass.

5.8 2011-04-26 CVE-2011-1586

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.

4.3 2011-04-18 CVE-2011-1168

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

6.8 2010-08-30 CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

6.4 2010-05-17 CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

5.8 2010-05-17 CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

6.9 2010-04-15 CVE-2010-0436

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

CWE : Common Weakness Enumeration

% id Name
37% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
12% (1) CWE-362 Race Condition
12% (1) CWE-310 Cryptographic Issues
12% (1) CWE-264 Permissions, Privileges, and Access Controls
12% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Open Source Vulnerability Database (OSVDB)

id Description
74943 KDE KGet ui/metalinkcreator/metalinker.cpp KGetMetalink::File::isValidNameAtt...
74180 KDE kdeutils Ark Traversal Arbitrary File Deletion
71876 KDE Konqueror khtml/khtml_part.cpp KHTMLPart::htmlError() Function Error Page...
67454 KDE Okular generators/plucker/unpluck/image.cpp TranscribePalmImageToJPEG() F...
64690 KDE KGet file Element name Attribute Traversal Arbitrary File Creation
64689 KDE KGet Arbitrary Unacknowledged Download Arbitrary File Overwrite
63814 KDE KDM backend/ctrl.c Control Socket Race Condition Local Privilege Escalation

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-06-06 Name : RedHat Update for kdelibs RHSA-2011:0464-01
File : nvt/gb_RHSA-2011_0464-01_kdelibs.nasl
2012-06-06 Name : RedHat Update for kdenetwork RHSA-2011:0465-01
File : nvt/gb_RHSA-2011_0465-01_kdenetwork.nasl
2011-11-25 Name : Ubuntu Update for kdeutils USN-1276-1
File : nvt/gb_ubuntu_USN_1276_1.nasl
2011-05-10 Name : Ubuntu Update for kde4libs USN-1110-1
File : nvt/gb_ubuntu_USN_1110_1.nasl
2011-05-10 Name : Ubuntu Update for kdenetwork USN-1114-1
File : nvt/gb_ubuntu_USN_1114_1.nasl
2011-05-06 Name : Mandriva Update for kdenetwork4 MDVSA-2011:081 (kdenetwork4)
File : nvt/gb_mandriva_MDVSA_2011_081.nasl
2011-04-22 Name : Fedora Update for kdelibs FEDORA-2011-5183
File : nvt/gb_fedora_2011_5183_kdelibs_fc13.nasl
2011-04-22 Name : Fedora Update for darktable FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_darktable_fc14.nasl
2011-04-22 Name : Fedora Update for exiv2 FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_exiv2_fc14.nasl
2011-04-22 Name : Fedora Update for geeqie FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_geeqie_fc14.nasl
2011-04-22 Name : Fedora Update for gipfel FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gipfel_fc14.nasl
2011-04-22 Name : Fedora Update for gnome-commander FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gnome-commander_fc14.nasl
2011-04-22 Name : Fedora Update for gpscorrelate FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gpscorrelate_fc14.nasl
2011-04-22 Name : Fedora Update for gthumb FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_gthumb_fc14.nasl
2011-04-22 Name : Fedora Update for hugin FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_hugin_fc14.nasl
2011-04-22 Name : Fedora Update for immix FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_immix_fc14.nasl
2011-04-22 Name : Fedora Update for kde-l10n FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kde-l10n_fc14.nasl
2011-04-22 Name : Fedora Update for kdeaccessibility FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeaccessibility_fc14.nasl
2011-04-22 Name : Fedora Update for kdeadmin FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeadmin_fc14.nasl
2011-04-22 Name : Fedora Update for kdeartwork FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeartwork_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase-runtime FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase-runtime_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase-workspace FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase-workspace_fc14.nasl
2011-04-22 Name : Fedora Update for kdebase FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebase_fc14.nasl
2011-04-22 Name : Fedora Update for kdebindings FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdebindings_fc14.nasl
2011-04-22 Name : Fedora Update for kdeedu FEDORA-2011-5200
File : nvt/gb_fedora_2011_5200_kdeedu_fc14.nasl

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-07-11 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kde4-kdm-140630.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_ark-120228.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kdenetwork4-101119.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_gwenview-100902.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-625.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-607.nasl - Type: ACT_GATHER_INFO
2013-11-29 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201311-20.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0465.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0464.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0348.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110421_kdenetwork_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110421_kdelibs_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20100414_kdebase_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-03-07 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_ark-120229.nasl - Type: ACT_GATHER_INFO
2011-11-22 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1276-1.nasl - Type: ACT_GATHER_INFO
2011-11-14 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_7fb9e7390e6d11e187cd00235a5f2c9a.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1114-1.nasl - Type: ACT_GATHER_INFO
2011-06-13 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-1110-1.nasl - Type: ACT_GATHER_INFO
2011-05-28 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2010-240-03.nasl - Type: ACT_GATHER_INFO
2011-05-28 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2011-101-02.nasl - Type: ACT_GATHER_INFO
2011-05-28 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2010-110-02.nasl - Type: ACT_GATHER_INFO
2011-05-27 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO