Skip to main content

Kdelibs

6 CVEs product

Monthly

CVE-2015-7543 HIGH POC This Week

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Arts Kdelibs
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2017-8422 HIGH POC PATCH This Week

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Kauth Kdelibs
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
0.3%
CVE-2017-6410 MEDIUM PATCH This Month

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Kdelibs Kio
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-5033 MEDIUM POC This Month

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Kde4Libs Ubuntu Linux Kauth +1
NVD
CVSS 2.0
6.9
EPSS
0.0%
CVE-2014-3494 MEDIUM POC This Month

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Opensuse Kdelibs
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-2074 MEDIUM This Month

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kdelibs
NVD
CVSS 2.0
5.0
EPSS
1.5%
EPSS 0% CVSS 7.0
HIGH POC This Week

aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Arts +1
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Kauth Kdelibs
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Kdelibs Kio
NVD
EPSS 0% CVSS 6.9
MEDIUM POC This Month

KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a. Rated medium severity (CVSS 6.9). Public exploit code available and no vendor patch available.

Race Condition Authentication Bypass Kde4Libs +3
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Opensuse Kdelibs
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kdelibs
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy