
CVSS: 7.2 | EPSS: 0% | CPEs: 10 | EXPL: 0

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff http://marc.info/?l=bugtraq&m=112603999215453&w=2 http://marc.info/?l=bugtraq&m=112611555928169&w=2 http://secunia.com/advisories/16692 http://secunia.com/advisories/18139 http://secunia.com/advisories/21481 http://www.debian.org/security/2005/dsa-815 http://www.kde.org/info/security/advisory-20050905-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:160 http://www •

CVSS: 5.0 | EPSS: 0% | CPEs: 27 | EXPL: 0

langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. • http://secunia.com/advisories/16428 http://securitytracker.com/id?1014675 http://www.debian.org/security/2005/dsa-818 http://www.kde.org/info/security/advisory-20050815-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:159 http://www.securityfocus.com/bid/14561 •

CVSS: 7.5 | EPSS: 5% | CPEs: 20 | EXPL: 0

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. • http://lwn.net/Articles/144724 http://marc.info/?l=bugtraq&m=112198499417250&w=2 http://secunia.com/advisories/16140 http://secunia.com/advisories/16155 http://secunia.com/advisories/16211 http://secunia.com/advisories/16242 http://security.gentoo.org/glsa/glsa-200507-23.xml http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml http://www.kde.org/info/security/advisory-20050721-1.txt http://www.novell.com/linux/security/advisories/2005_19_sr.html http:/… • CWE-189: Numeric Errors •

CVSS: 7.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. • http://marc.info/?l=bugtraq&m=112171434023679&w=2 http://secunia.com/advisories/16099 http://secunia.com/advisories/23099 http://security.gentoo.org/glsa/glsa-200611-21.xml http://securitytracker.com/id?1014512 http://www.debian.org/security/2005/dsa-804 http://www.kde.org/info/security/advisory-20050718-1.txt http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.redhat.com/support/errata/RHSA-2005-612.html http://www.securityfocus.com/archive… • CWE-281: Improper Preservation of Permissions •

CVSS: 7.5 | EPSS: 2% | CPEs: 18 | EXPL: 0

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff http://marc.info/?l=bugtraq&m=111419664411051&w=2 http://secunia.com/advisories/15060 http://www.kde.org/info/security/advisory-20050420-1.txt http://www.securityfocus.com/bid/13313 •