CVE-2020-12755
https://notcve.org/view.php?id=CVE-2020-12755
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. • https://commits.kde.org/kio-extras/d813cef3cecdec9af1532a40d677a203ff979145 •
CVE-2020-11880
https://notcve.org/view.php?id=CVE-2020-11880
An issue was discovered in KDE KMail before 19.12.3. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an attach=.bash_history value. • https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1 https://cgit.kde.org/kmail.git/tag/?h=v19.12.3 •
CVE-2020-9359 – okular: local binary execution via specially crafted PDF files
https://notcve.org/view.php?id=CVE-2020-9359
KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. • https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244 https://kde.org/info/security/advisory-20200312-1.txt https://lists.debian.org/debian-lts-announce/2020/03/msg00033.html https://lists.debian.org/debian-lts-announce/2021/12/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2TY3O6UWX2XTP7PISPTZ6FYRDFU4UF66 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AW6GJ3AKGXOMTDHNZBMSXDTWNJJRFBDH https: • CWE-184: Incomplete List of Disallowed Inputs •
CVE-2018-19516
https://notcve.org/view.php?id=CVE-2018-19516
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. • https://cgit.kde.org/messagelib.git/commit/messageviewer/src/messagepartthemes/default/defaultrenderer.cpp?id=34765909cdf8e55402a8567b48fb288839c61612 • CWE-20: Improper Input Validation •
CVE-2013-2213
https://notcve.org/view.php?id=CVE-2013-2213
The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output. • http://openwall.com/lists/oss-security/2013/06/13/1 http://openwall.com/lists/oss-security/2013/06/26/2 https://bugzilla.redhat.com/show_bug.cgi?id=978243 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •