CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-8422 – KDE 4/5 - 'KAuth' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8422
15 May 2017 — KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. KDelibs de KDE antes de 4.14.32 y KAuth antes de 5.34 permiten que los usuarios locales obtengan privilegios de root por spoofing de un callerID y aprovechando una aplicación de ayuda privilegiada. A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofin... • https://packetstorm.news/files/id/142638 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6410 – Ubuntu Security Notice USN-3223-1
https://notcve.org/view.php?id=CVE-2017-6410
02 Mar 2017 — kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. kpac/script.cpp en KDE kio en versiones anteriores a 5.32 y kdelibs en versiones anteriores a 4.14.30 llama a la función PAC FindProxyForURL con una URL https completa (incluyendo potencialmente credenciales de ... • http://www.debian.org/security/2017/dsa-3849 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 1CVE-2014-5033 – polkit-qt: insecure calling of polkit
https://notcve.org/view.php?id=CVE-2014-5033
31 Jul 2014 — KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." KDE kdelibs anterior a 4.14 y kauth anterior a 5.1 no utilizan debidamente D-Bus para la comunicación con una autoridad polkit, lo que permite a usuarios locales e... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2013-2074 – Gentoo Linux Security Advisory 201406-34
https://notcve.org/view.php?id=CVE-2013-2074
29 May 2013 — kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. kioslave/http/http.cpp en KIO en kdelibs 4.10.3 y anteriores permite a atacantes remotos descubrir credenciales a través de una solicitud manipulada que provoca un "internal server error," el cual incluye el nombre de usuario y contraseña en un mensaje de error. It was discovered that... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •