
CVSS: 9.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

07 May 2019 — KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. • http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html • CWE-20: Improper Input Validation

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

15 May 2017 — KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofin... • https://packetstorm.news/files/id/142638 • CWE-290: Authentication Bypass by Spoofing

CVSS: 9.8 • EPSS: 0% • CPEs: 38 • EXPL: 1

31 Jul 2014 — KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." • http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')