cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
Source: MITRE
Max CVSS: 7.8
EPSS Score: 0.04%
Published: 2017-05-17
Updated: 2019-10-03
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
Source: MITRE
Max CVSS: 5.5
EPSS Score: 0.32%
Published: 2017-03-02
Updated: 2019-10-03
KDE kdelibs before 4.14 and kauth before 5.1 do not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
Source: MITRE
Max CVSS: 6.9
EPSS Score: 0.04%
Published: 2014-08-19
Updated: 2014-10-16
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
Source: Red Hat, Inc.
Max CVSS: 4.3
EPSS Score: 0.11%
Published: 2014-07-01
Updated: 2018-10-30
4 vulnerabilities found