CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 2CVE-2011-2725
https://notcve.org/view.php?id=CVE-2011-2725
04 Feb 2014 — Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. Vulnerabilidad de salto de directorio en Ark 4.7.x y anteriores permite a atacantes remotos eliminar y forzar la visualización de archivos arbitrarios a través de secuencias .. (punto punto) en un archivo zip. • http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4132
https://notcve.org/view.php?id=CVE-2013-4132
16 Sep 2013 — KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. KDE-Workspace 4.10.5 y anteriores no gestiona de forma adecuada el valor de retorno de glibc 2.17 crypt y funciones pw_encrypt, lo que permite a atac... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 70EXPL: 0CVE-2011-1586 – kdenetwork: incomplete fix for CVE-2010-1000
https://notcve.org/view.php?id=CVE-2011-1586
27 Apr 2011 — Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. Vulnerabilidad de salto de directorio en la función KGetMetalink::File::isValidNameAttr en ui/metalinkcreator/metalinker.cpp en KGet en KDE SC v... • http://openwall.com/lists/oss-security/2011/04/15/9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 6%CPEs: 13EXPL: 0CVE-2010-2575 – Gentoo Linux Security Advisory 201311-20
https://notcve.org/view.php?id=CVE-2010-2575
30 Aug 2010 — Heap-based buffer overflow in the RLE decompression functionality in the TranscribePalmImageToJPEG function in generators/plucker/inplug/image.cpp in Okular in KDE SC 4.3.0 through 4.5.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image in a PDB file. Desbordamiento de buffer basado en memoria dinámica en la funcionalidad de descompresión RLE de la función TranscribePalmImageToJPEG en generators/plucker/inplug/image.cpp de Okular ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046448.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 56EXPL: 0CVE-2010-1511 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-1511
17 May 2010 — KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3 no solicita de forma adecuada la confirmación de descarga por parte del usuario, lo que facilita a atacantes remotos sobrescribir ficheros de su elección a través un fichero metalik manipulado. This GLSA contains notification of vulnerabilities found in several Gen... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 1%CPEs: 53EXPL: 0CVE-2010-1000 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2010-1000
17 May 2010 — Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Vulnerabilidad de salto de directorio en KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3, permite a atacantes remotos crear ficheros de su elección al utilizar caracteres .. (punto punto) en el atributo nombre de un elemento fichero en un fichero metalink. This GLSA contains notification of vulnerabil... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 11EXPL: 0CVE-2010-0436 – kdm privilege escalation flaw
https://notcve.org/view.php?id=CVE-2010-0436
15 Apr 2010 — Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. Condición de carrera en backend/ctrl.c en KDM en KDE Software Compilation (SC) v2.2.0 hasta v4.4.2 permite a usuarios locales cambiar de ficheros a su elección, y consecuentemente obtener privelegios... • ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •