CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 1CVE-2015-7543
https://notcve.org/view.php?id=CVE-2015-7543
25 Jul 2017 — aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. aRts versión 1.5.10 y kdelibs3 versión 3.5.10 y anteriores, no crean apropiadamente los directorios temporales, lo que permite a los usuarios locales secuestrar la IPC mediante la creación previa del directorio temporal. • https://bugzilla.redhat.com/show_bug.cgi?id=1280543 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-8422 – KDE 4/5 - 'KAuth' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-8422
15 May 2017 — KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. KDelibs de KDE antes de 4.14.32 y KAuth antes de 5.34 permiten que los usuarios locales obtengan privilegios de root por spoofing de un callerID y aprovechando una aplicación de ayuda privilegiada. A privilege escalation flaw was found in the way kdelibs handled D-Bus messages. A local user could potentially use this flaw to gain root privileges by spoofin... • https://packetstorm.news/files/id/142638 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6410 – Ubuntu Security Notice USN-3223-1
https://notcve.org/view.php?id=CVE-2017-6410
02 Mar 2017 — kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. kpac/script.cpp en KDE kio en versiones anteriores a 5.32 y kdelibs en versiones anteriores a 4.14.30 llama a la función PAC FindProxyForURL con una URL https completa (incluyendo potencialmente credenciales de ... • http://www.debian.org/security/2017/dsa-3849 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 1CVE-2014-5033 – polkit-qt: insecure calling of polkit
https://notcve.org/view.php?id=CVE-2014-5033
31 Jul 2014 — KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." KDE kdelibs anterior a 4.14 y kauth anterior a 5.1 no utilizan debidamente D-Bus para la comunicación con una autoridad polkit, lo que permite a usuarios locales e... • http://lists.opensuse.org/opensuse-updates/2014-08/msg00012.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0CVE-2013-2074 – Gentoo Linux Security Advisory 201406-34
https://notcve.org/view.php?id=CVE-2013-2074
29 May 2013 — kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. kioslave/http/http.cpp en KIO en kdelibs 4.10.3 y anteriores permite a atacantes remotos descubrir credenciales a través de una solicitud manipulada que provoca un "internal server error," el cual incluye el nombre de usuario y contraseña en un mensaje de error. It was discovered that... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1094 – kdelibs: SSL certificate for IP address accepted as valid for hosts that resolve to the IP
https://notcve.org/view.php?id=CVE-2011-1094
16 Mar 2011 — kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. kio/kio/tcpslavebase.cpp de KDE KSSL de kdelibs en versiones anteriores a la 4.6.1 no verifica apropiadamente que el nombre del servido... • http://openwall.com/lists/oss-security/2011/03/08/13 • CWE-20: Improper Input Validation •