Page 9 of 196 results (0.015 seconds)

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 0

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user. Una linea de comando maliciosamente manipulada para kdesu puede resultar en que el usuario sólo vea parte de los comandos que serán realmente ejecutados como superusuario. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00031.html http://lists.opensuse.org/opensuse-updates/2016-10/msg00034.html http://www.openwall.com/lists/oss-security/2016/09/29/7 http://www.securityfocus.com/bid/93224 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content. A través de una URL maliciosa que contenía un caracter de comillas era posible inyectar código HTML en el visor de texto plano de KMail. Debido al analizador utilizado en la URL no fue posible incluir el signo igual (=) o un espacio dentro del HTML inyectado, lo que reduce enormemente la funcionalidad HTML disponible. • http://lists.opensuse.org/opensuse-updates/2016-10/msg00065.html http://www.debian.org/security/2016/dsa-3697 http://www.openwall.com/lists/oss-security/2016/10/05/1 http://www.securityfocus.com/bid/93360 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QNMM5TVPTJQFPJ3YDF4DPXDFW3GQLWLY • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 1

Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads. Vulnerabilidad transversal del directorio en KArchive en versiones anteriores a 5.24, como se usa en KDE Frameworks, permite a atacantes remotos escribir a archivos arbitrarios a través de un ../ (dot dot slash) en un nombre de archivo en un archivo histórico, relacionado con descargas KNewsstuff. • http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00000.html http://www.debian.org/security/2016/dsa-3643 http://www.openwall.com/lists/oss-security/2016/07/16/2 http://www.openwall.com/lists/oss-security/2016/07/16/3 http://www.securityfocus.com/bid/91806 http://www.ubuntu.com/usn/USN-3042-1 https://quickgit.kde.org/?p=karchive.git&a=commit&h=0cb243f64eef45565741b27364cece7d5c349c37 https& • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file. kinit en KDE Frameworks en versiones anteriores a 5.23.0 utiliza permisos débiles (644) para /tmp/xauth-xxx-_y, lo que permite a usuarios locales obtener cookies X11 de otros usuarios y consecuentemente capturar pulsaciones del teclado y posiblemente obtener privilegios leyendo el archivo. • http://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html http://www.kde.com/announcements/kde-frameworks-5.23.0.php http://www.securityfocus.com/bid/91769 https://bugs.kde.org/show_bug.cgi?id=358593 https://bugs.kde.org/show_bug.cgi?id=363140 https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58 https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd https://www.kde.org/info/security/advisory-20160621-1.t • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. plasma-workspace anterior a 5.1.95 permite a atacantes remotos obtener contraseñas a través de un paquete 'Look and Feel' troyano. • http://www.openwall.com/lists/oss-security/2015/01/22/6 http://www.securityfocus.com/bid/72285 https://www.kde.org/info/security/advisory-20150122-1.txt • CWE-284: Improper Access Control •