4 results (0.007 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

kde-workspace before 4.10.5 has a memory leak in plasma desktop kde-workspace versiones anteriores a la versión 4.10.5, tiene una pérdida de memoria en el escritorio plasma • http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html http://www.openwall.com/lists/oss-security/2013/07/16/4 http://www.securityfocus.com/bid/61201 https://access.redhat.com/security/cve/cve-2013-4133 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4133 https://exchange.xforce.ibmcloud.com/vulnerabilities/85797 https://security-tracker.debian.org/tracker/CVE-2013-4133 • CWE-404: Improper Resource Shutdown or Release •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. kde-workspace 4.2.0 y plasma-workspace anterior a 5.1.95 permiten a atacantes remotos obtener eventos de entradas, y como consecuencia obtener contraseñas, mediante el aprovechamiento del acceso al servidor X cuando la pantalla está bloqueada. • http://secunia.com/advisories/62051 http://www.openwall.com/lists/oss-security/2015/01/22/6 http://www.securityfocus.com/bid/72284 https://www.kde.org/info/security/advisory-20150122-2.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0

The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. KDE Clock KCM Policykit Helper en kde-workspace anterior a 4.11.14 y plasma-desktop anterior a 5.1.1 permite a usuarios locales ganar privilegios a través de un argumento ntpUtility (ntp utility name) manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/143781.html http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144034.html http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144093.html http://www.openwall.com/lists/oss-security/2014/11/04/9 http://www.openwall.com/lists/oss-security/2014/11/07/3 http://www.securityfocus.com/bid/70904 http://www.ubuntu.com/usn/USN-2402-1 https://security.gentoo.org/glsa/201512-12 htt • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. KDE-Workspace 4.10.5 y anteriores no gestiona de forma adecuada el valor de retorno de glibc 2.17 crypt y funciones pw_encrypt, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y cuelgue) a través de (1) un "salt" invalido o una contraseña cifrada, cuando FIPS-140 está habilitado, para KDM o una (4) contraseña no válida para KCheckPass. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html http://seclists.org/oss-sec/2013/q3/117 http://seclists.org/oss-sec/2013/q3/120 https://git.reviewboard.kde.org/r/111261 • CWE-310: Cryptographic Issues •