Page 2 of 8 results (0.004 seconds)

CVSS: 6.4EPSS: 0%CPEs: 56EXPL: 0

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3 no solicita de forma adecuada la confirmación de descarga por parte del usuario, lo que facilita a atacantes remotos sobrescribir ficheros de su elección a través un fichero metalik manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html http://marc.info/?l=oss-security&m=127378789518426&w=2 http://osvdb.org/64689 http://secunia.com/advisories/39528 http://secunia.com/advisories/39787 http://secunia.com/secunia_research/2010-70 http://securitytracker.com/id?1023984 http://www.kde.org/info/security/advisory-20100513-1.txt http://www.securityfocus.com/archive/1/511279/100/0/threaded http://www.securityfocus.com/archive/1/511294 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 0%CPEs: 53EXPL: 0

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Vulnerabilidad de salto de directorio en KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3, permite a atacantes remotos crear ficheros de su elección al utilizar caracteres .. (punto punto) en el atributo nombre de un elemento fichero en un fichero metalink. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://marc.info/?l=oss-security&m=127378789518426&w=2 http://osvdb.org/64690 http://secunia.com/advisories/39528 http://secunia.com/advisories/39787 http://secunia.com/advisories/42423 http://secunia.com/secunia_research/2010-69 http://securitytracker • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 0

Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. Condición de carrera en backend/ctrl.c en KDM en KDE Software Compilation (SC) v2.2.0 hasta v4.4.2 permite a usuarios locales cambiar de ficheros a su elección, y consecuentemente obtener privelegios, bloqueando el borrado de varios directorios que contienen sockets de control, relacionado con la interacción inadecuada con ksm. • ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2010-0348.html http://secunia.com/advisories/39419 http://secunia.com/advisories/39481 http://secunia.com/advisories/39506 http://www.debian.org/security/2010/dsa-2037 http://www.kde.org/info/security/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •