This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Kde
Product: Kde Sc
Version:
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:
Type: Application
First view: 2010-03-03
Last view: 2014-02-04


COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:* 9
cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:* 8
cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:* 8
cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:* 7
cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:* 7
cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:* 7
cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:* 7
cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:* 7
cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.1.2:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.2.2:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:* 6
cpe:2.3:a:kde:kde_sc:4.4.5:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.4.4:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.6.1:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.5.0:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.6.0:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.4:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.3.0:rc3:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.3.0:rc2:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.80:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.96:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.1:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:rc2:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.3:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.2.1:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.1:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.0:beta2:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:alpha2:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.2.4:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.4:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.2.0:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.85:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:beta4:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.0:beta1:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:beta3:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:3.5.10:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:beta2:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:rc1:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.0:alpha1:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.3.0:beta1:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.0.0:beta1:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.1.3:*:*:*:*:*:*:* 5
cpe:2.3:a:kde:kde_sc:4.2.3:*:*:*:*:*:*:* 5

Related : CVE

  Date Alert Description
6.8 2014-02-04 CVE-2011-2725

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

5 2013-09-16 CVE-2013-4132

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enabled, to KDM or an (4) invalid password to KCheckPass.

4.3 2011-11-29 CVE-2011-3365

The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text.

5.8 2011-04-26 CVE-2011-1586

Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.

4.3 2011-04-18 CVE-2011-1168

Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site.

6.8 2010-08-30 CVE-2010-2575

Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file.

6.4 2010-05-17 CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

5.8 2010-05-17 CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

6.9 2010-04-15 CVE-2010-0436

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm.

6.9 2010-03-03 CVE-2010-0923

Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes.

CWE : Common Weakness Enumeration

% id Name
30% (3) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
20% (2) CWE-362 Race Condition
10% (1) CWE-310 Cryptographic Issues
10% (1) CWE-264 Permissions, Privileges, and Access Controls
10% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
10% (1) CWE-20 Improper Input Validation

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:9999 Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2....
oval:org.mitre.oval:def:7518 DSA-2037 kdebase -- race condition
oval:org.mitre.oval:def:22179 RHSA-2010:0348: kdebase security update (Important)
oval:org.mitre.oval:def:13465 DSA-2037-1 kdm (kdebase) -- race condition
oval:org.mitre.oval:def:12696 USN-932-1 -- kdebase-workspace vulnerability
oval:org.mitre.oval:def:22459 ELSA-2010:0348: kdebase security update (Important)
oval:org.mitre.oval:def:13074 USN-938-1 -- kdenetwork vulnerability
oval:org.mitre.oval:def:12910 USN-979-1 -- kdegraphics vulnerability
oval:org.mitre.oval:def:21872 RHSA-2011:0464: kdelibs security update (Moderate)
oval:org.mitre.oval:def:13867 USN-1110-1 -- kde4libs vulnerabilities
oval:org.mitre.oval:def:23600 ELSA-2011:0464: kdelibs security update (Moderate)
oval:org.mitre.oval:def:27884 DEPRECATED: ELSA-2011-0464 -- kdelibs security update (moderate)
oval:org.mitre.oval:def:21934 RHSA-2011:0465: kdenetwork security update (Important)
oval:org.mitre.oval:def:13898 USN-1114-1 -- kdenetwork vulnerability
oval:org.mitre.oval:def:23429 ELSA-2011:0465: kdenetwork security update (Important)
oval:org.mitre.oval:def:27759 DEPRECATED: ELSA-2011-0465 -- kdenetwork security update (important)
oval:org.mitre.oval:def:21776 RHSA-2011:1385: kdelibs and kdelibs3 security update (Moderate)
oval:org.mitre.oval:def:17794 USN-1248-1 -- kde4libs vulnerability
oval:org.mitre.oval:def:23626 ELSA-2011:1385: kdelibs and kdelibs3 security update (Moderate)
oval:org.mitre.oval:def:23311 DEPRECATED: ELSA-2011:1385: kdelibs and kdelibs3 security update (Moderate)
oval:org.mitre.oval:def:27107 RHSA-2011:1364 -- kdelibs security and enhancement update (Moderate)
oval:org.mitre.oval:def:27947 ELSA-2011-1364 -- kdelibs security and enhancement update (moderate)
oval:org.mitre.oval:def:15014 USN-1276-1 -- KDE Utilities vulnerability

Open Source Vulnerability Database (OSVDB)

id Description
76016 KDE KSSL Certificate Text Format CN Field RTF Data Parsing Certificate Spoofi...
74943 KDE KGet ui/metalinkcreator/metalinker.cpp KGetMetalink::File::isValidNameAtt...
74180 KDE kdeutils Ark Traversal Arbitrary File Deletion
71876 KDE Konqueror khtml/khtml_part.cpp KHTMLPart::htmlError() Function Error Page...
67454 KDE Okular generators/plucker/unpluck/image.cpp TranscribePalmImageToJPEG() F...
64690 KDE KGet file Element name Attribute Traversal Arbitrary File Creation
64689 KDE KGet Arbitrary Unacknowledged Download Arbitrary File Overwrite
63814 KDE KDM backend/ctrl.c Control Socket Race Condition Local Privilege Escalation
62417 KDE KRunner workspace/krunner/lock/lockdlg.cc Lock Module Race Condition Pass...

OpenVAS Exploits

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-07-30 Name : CentOS Update for kdelibs CESA-2011:1385 centos4 x86_64
File : nvt/gb_CESA-2011_1385_kdelibs_centos4_x86_64.nasl
2012-07-30 Name : CentOS Update for kdelibs CESA-2011:1385 centos5 x86_64
File : nvt/gb_CESA-2011_1385_kdelibs_centos5_x86_64.nasl
2012-07-09 Name : RedHat Update for kdelibs RHSA-2011:1364-01
File : nvt/gb_RHSA-2011_1364-01_kdelibs.nasl
2012-06-06 Name : RedHat Update for kdelibs RHSA-2011:0464-01
File : nvt/gb_RHSA-2011_0464-01_kdelibs.nasl
2012-06-06 Name : RedHat Update for kdenetwork RHSA-2011:0465-01
File : nvt/gb_RHSA-2011_0465-01_kdenetwork.nasl
2012-04-02 Name : Fedora Update for PyKDE4 FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_PyKDE4_fc16.nasl
2012-04-02 Name : Fedora Update for akonadi FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_akonadi_fc16.nasl
2012-04-02 Name : Fedora Update for cantor FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_cantor_fc16.nasl
2012-04-02 Name : Fedora Update for gwenview FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_gwenview_fc16.nasl
2012-04-02 Name : Fedora Update for kalgebra FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kalgebra_fc16.nasl
2012-04-02 Name : Fedora Update for kalzium FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kalzium_fc16.nasl
2012-04-02 Name : Fedora Update for kate FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kate_fc16.nasl
2012-04-02 Name : Fedora Update for kbruch FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kbruch_fc16.nasl
2012-04-02 Name : Fedora Update for kcolorchooser FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kcolorchooser_fc16.nasl
2012-04-02 Name : Fedora Update for kde-settings FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kde-settings_fc16.nasl
2012-04-02 Name : Fedora Update for kdeaccessibility FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdeaccessibility_fc16.nasl
2012-04-02 Name : Fedora Update for kdeadmin FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdeadmin_fc16.nasl
2012-04-02 Name : Fedora Update for kdeartwork FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdeartwork_fc16.nasl
2012-04-02 Name : Fedora Update for kdebase-runtime FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdebase-runtime_fc16.nasl
2012-04-02 Name : Fedora Update for kdebase-workspace FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdebase-workspace_fc16.nasl
2012-04-02 Name : Fedora Update for kdeedu FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdeedu_fc16.nasl
2012-04-02 Name : Fedora Update for kdegames FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdegames_fc16.nasl
2012-04-02 Name : Fedora Update for kdegraphics-strigi-analyzer FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdegraphics-strigi-analyzer_fc16.nasl
2012-04-02 Name : Fedora Update for kdegraphics-thumbnailers FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdegraphics-thumbnailers_fc16.nasl
2012-04-02 Name : Fedora Update for kdegraphics FEDORA-2011-13417
File : nvt/gb_fedora_2011_13417_kdegraphics_fc16.nasl

Nessus® Vulnerability Scanner

This CPE product has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-09.nasl - Type: ACT_GATHER_INFO
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2014-07-11 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_kde4-kdm-140630.nasl - Type: ACT_GATHER_INFO
2014-06-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201406-34.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-625.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-607.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_gwenview-100902.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_3_kdenetwork4-101119.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_ark-120228.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_kdelibs4-110418.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: suse_11_4_kdelibs4-111010.nasl - Type: ACT_GATHER_INFO
2013-11-29 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201311-20.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1385.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-1364.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0465.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2011-0464.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2010-0348.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110421_kdelibs_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20111019_kdelibs_and_kdelibs3_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20111011_kdelibs_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20110421_kdenetwork_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20100414_kdebase_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2012-03-07 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_ark-120229.nasl - Type: ACT_GATHER_INFO
2011-11-22 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1276-1.nasl - Type: ACT_GATHER_INFO