Search CVE reports
1 – 10 of 25 results
CVE-2019-14744
Medium priority
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory...
2 affected packages
kconfig, kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kconfig | — | Not affected | Not affected | Fixed | Fixed |
kde4libs | — | Not in release | Not in release | Fixed | Fixed |
CVE-2015-7543
Medium priority
aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.
1 affected package
kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kde4libs | — | — | — | — | — |
CVE-2017-8422
High priority
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
2 affected packages
kauth, kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kauth | — | — | — | — | Fixed |
kde4libs | — | — | — | — | Fixed |
CVE-2017-6410
Medium priority
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows...
2 affected packages
kde4libs, kio
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kde4libs | — | — | — | — | Fixed |
kio | — | — | — | — | Fixed |
CVE-2016-6232
Medium priority
Some fixes available 5 of 8
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
2 affected packages
karchive, kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
karchive | — | — | — | Not affected | Fixed |
kde4libs | — | — | — | Not affected | Fixed |
CVE-2014-5033
Medium priority
Some fixes available 2 of 3
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject...
1 affected package
kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kde4libs | — | — | — | — | — |
CVE-2014-3494
Medium priority
Some fixes available 2 of 3
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
1 affected package
kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kde4libs | — | — | — | — | — |
CVE-2013-2074
Medium priority
Some fixes available 3 of 4
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
1 affected package
kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kde4libs | — | — | — | — | — |
CVE-2011-3365
Medium priority
Some fixes available 2 of 3
The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common...
1 affected package
kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kde4libs | — | — | — | — | — |
CVE-2011-1168
Medium priority
Some fixes available 3 of 4
Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL...
1 affected package
kde4libs
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kde4libs | — | — | — | — | — |