rpm package
suse/kdelibs4&distro=SUSE Package Hub 12 SP2
pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2012%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-14744 | — | < 4.14.38-bp151.9.5.1 | 4.14.38-bp151.9.5.1 | Aug 7, 2019 | In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon | ||
| CVE-2017-8422 | Hig | 7.8 | < 4.14.25-8.2 | 4.14.25-8.2 | May 17, 2017 | KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. | |
| CVE-2017-6410 | Med | 5.5 | < 4.14.25-5.3 | 4.14.25-5.3 | Mar 2, 2017 | kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via |
- CVE-2019-14744Aug 7, 2019affected < 4.14.38-bp151.9.5.1fixed 4.14.38-bp151.9.5.1
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon
- affected < 4.14.25-8.2fixed 4.14.25-8.2
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
- affected < 4.14.25-5.3fixed 4.14.25-5.3
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via