CVSS: 7.8EPSS: 5%CPEs: 13EXPL: 0CVE-2010-2575 – Gentoo Linux Security Advisory 201311-20
https://notcve.org/view.php?id=CVE-2010-2575
30 Aug 2010 — Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file. Desbordamiento de buffer basado en memoria dinámica en la funcionalidad de descompresión RLE de la función TranscribePalmImageToJPEG en generators/plucker/inplug/image.cpp de Okular ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 6%CPEs: 56EXPL: 0CVE-2010-1511 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-1511
17 May 2010 — KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3 no solicita de forma adecuada la confirmación de descarga por parte del usuario, lo que facilita a atacantes remotos sobrescribir ficheros de su elección a través un fichero metalik manipulado. This GLSA contains notification of vulnerabilities found in several Gen... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 2%CPEs: 53EXPL: 0CVE-2010-1000 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-1000
17 May 2010 — Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Vulnerabilidad de salto de directorio en KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3, permite a atacantes remotos crear ficheros de su elección al utilizar caracteres .. (punto punto) en el atributo nombre de un elemento fichero en un fichero metalink. This GLSA contains notification of vulnerabil... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2010-0436 – kdm privilege escalation flaw
https://notcve.org/view.php?id=CVE-2010-0436
15 Apr 2010 — Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. Condición de carrera en backend/ctrl.c en KDM en KDE Software Compilation (SC) v2.2.0 hasta v4.4.2 permite a usuarios locales cambiar de ficheros a su elección, y consecuentemente obtener privelegios... • ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0923
https://notcve.org/view.php?id=CVE-2010-0923
03 Mar 2010 — Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner lock module in kdebase in KDE SC 4.4.0 allows physically proximate attackers to bypass KScreenSaver screen locking and access an unattended workstation by pressing the Enter key at a certain time, related to multiple forked processes. Condición de carrera en workspace/krunner/lock/lockdlg.cc en el módulo de bloqueo KRunner en kdebase en KDE SC 4.4.0 permite a atacantes próximos físicamente evitar el bloqueo de pantalla KScreenSaver y acceder... • http://bugs.kde.org/show_bug.cgi?id=226449 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 1CVE-2008-5698 – Konqueror 3.5.9 - 'load' Remote Crash
https://notcve.org/view.php?id=CVE-2008-5698
22 Dec 2008 — HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. HTMLTokenizer::scriptHandler en Konqueror de KDE v3.5.9 y v3.5.10, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una llamada no válida a document.load, esto lanza que se use ... • https://www.exploit-db.com/exploits/6718 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 0CVE-2008-1670
https://notcve.org/view.php?id=CVE-2008-1670
28 Apr 2008 — Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. Desbordamiento de búfer basado en montículo en el cargador de imagen PNG progresivo (decoders/pngloader.cpp) en KHTML de KDE 4.0.x hasta 4.0.3; permite a atacantes remotos provocar una denegación de servicio (caída) y puede que ejecutar código de su elección mediante una ... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2008-1671
https://notcve.org/view.php?id=CVE-2008-1671
28 Apr 2008 — start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. start_kdeinit en KDE de 3.5.5 a 3.5.9, cuando está instalado setuid root, permite a usuarios locales provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante "una entrada influenciable por e... • ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff • CWE-16: Configuration •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5963
https://notcve.org/view.php?id=CVE-2007-5963
19 Dec 2007 — Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. Vulnerabilidad no especificada en kdebase permite a usuarios locales provocar denegación de servicio (acceso de entrada no accesible KDM, o consumo de recursos) a través de vectores desconocidos. • http://osvdb.org/41395 •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2007-4569 – kdm password-less login vulnerability
https://notcve.org/view.php?id=CVE-2007-4569
21 Sep 2007 — backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. El backend/session.c del KDE 3.3.0 hasta el 3.5.7, cuando la auto-autenticación está configurada y el "apagado con contraseña" está habilitado, permite a atacantes remotos evitar el requerimiento de contraseña y autenticarse en cuentas de su elección a través de vectores s... • http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html • CWE-264: Permissions, Privileges, and Access Controls •