FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

0baee383-356c-11e7-b9a9-50e549ebab6c | kauth: Local privilege escalation

Albert Astals Cid reports:

KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.


Discovery 2017-05-10
Entry 2017-05-10
kdelibs
< 4.14.30_4

kf5-kauth
< 5.33.0_1

CVE-2017-8422
http://www.openwall.com/lists/oss-security/2017/05/10/3
https://www.kde.org/info/security/advisory-20170510-1.txt

d8fbf13a-6215-11db-a59e-0211d85f11fb | kdelibs -- integer overflow in khtml

Red Hat reports:

An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim.


Discovery 2006-10-14
Entry 2006-10-22
kdelibs
kdelibs-nocups
< 3.5.4_4

qt
qt-copy
< 3.3.6_3

CVE-2006-4811
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742
http://rhn.redhat.com/errata/RHSA-2006-0720.html

29dd0065-81fa-11d9-a9e7-0001020eed82 | kdelibs -- insecure temporary file creation

Davide Madrisan reports:

The `dcopidlng' script in the KDE library package (kdelibs-3.3.2/dcop/dcopidlng/dcopidlng) creates temporary files in an unsecure manner.

Note: dcopidlng is only used at build time, so only users installing KDE are vulnerable, not users already running KDE.


Discovery 2005-01-21
Entry 2005-02-18
Modified 2005-02-20
kdelibs
ja-kdelibs
< 3.3.2_5

CVE-2005-0365
http://bugs.kde.org/show_bug.cgi?id=97608
http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757

972697a7-9a42-11d9-a256-0001020eed82 | kdelibs -- local DCOP denial of service vulnerability

A KDE Security Advisory reports:

Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon better known as dcopserver.

A local user can lock up the dcopserver of arbitrary other users on the same machine. This can cause a significant reduction in desktop functionality for the affected users including, but not limited to, the inability to browse the internet and the inability to start new applications.


Discovery 2005-03-16
Entry 2005-03-21
ja-kdelibs
kdelibs-nocups
kdelibs
< 3.4.0

CVE-2005-0396
http://www.kde.org/info/security/advisory-20050316-1.txt

832e9d75-5bfc-11d9-a9e7-0001020eed82 | kdelibs3 -- konqueror FTP command injection vulnerability

Albert Puigsech Galicia reports that Konqueror (more specifically kio_ftp) and Microsoft Internet Explorer are vulnerable to an FTP command injection vulnerability which can be exploited by tricking a user into clicking a specially crafted FTP URI.

It is also reported by Ian Gulliver and Emanuele Balla that this vulnerability can be used to trick a client into sending out emails without user interaction.


Discovery 2004-12-01
Entry 2005-01-01
Modified 2005-01-04
ja-kdelibs
kdelibs
< 3.3.2_2

11827
CVE-2004-1165
http://marc.theaimsgroup.com/?l=bugtraq&m=110245752232681
http://marc.theaimsgroup.com/?l=full-disclosure&m=110387390226693
http://marc.theaimsgroup.com/?l=full-disclosure&m=110390734925183
http://www.kde.org/info/security/advisory-20050101-1.txt

2f90556f-18c6-11e4-9cc4-5453ed2e2b49 | kdelibs -- KAuth PID Reuse Flaw

Martin Sandsmark reports:

The KAuth framework uses polkit-1 API which tries to authenticate using the requestor's PID. This is prone to PID reuse race conditions.

This potentially allows a malicious application to pose as another for authentication purposes when executing privileged actions.


Discovery 2014-07-30
Entry 2014-07-31
kdelibs
< 4.12.5_3

CVE-2014-5033
http://lists.kde.org/?l=kde-announce&m=140674898412923&w=2

2797b27a-f55b-11d8-81b0-000347a4fa7d | kdelibs -- konqueror cross-domain cookie injection

According to a KDE Security Advisory:

WESTPOINT internet reconnaissance services alerted the KDE security team that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains.

Web sites operating under the affected domains can set HTTP cookies in such a way that the Konqueror web browser will send them to all other web sites operating under the same domain. A malicious website can use this as part of a session fixation attack. See e.g. http://www.acros.si/papers/session_fixation.pdf

Affected are all country specific secondary top level domains that use more than 2 characters in the secondary part of the domain name and that use a secondary part other than com, net, mil, org, gov, edu or int. Examples of affected domains are .ltd.uk, .plc.uk and .firm.in

It should be noted that popular domains such as .co.uk, .co.in and .com are NOT affected.


Discovery 2004-08-23
Entry 2004-08-26
kdelibs
< 3.2.3_3

CVE-2004-0746
http://www.kde.org/info/security/advisory-20040823-1.txt
http://www.osvdb.org/9117
http://secunia.com/advisories/12341
http://www.acros.si/papers/session_fixation.pdf
10991

b0911985-6e2a-11d9-9557-000a95bc6fae | web browsers -- window injection vulnerabilities

A Secunia Research advisory reports:

Secunia Research has reported a vulnerability in multiple browsers, which can be exploited by malicious people to spoof the content of websites.

The problem is that a website can inject content into another site's window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue: http://secunia.com/multiple_browsers_window_injection_vulnerability_test/

A workaround for Mozilla-based browsers is available.


Discovery 2004-12-08
Entry 2005-01-24
Modified 2005-02-26
firefox
< 1.0.1,1

mozilla
< 1.7.6,2

linux-mozilla
linux-mozilla-devel
< 1.7.6

de-linux-mozillafirebird
el-linux-mozillafirebird
ja-linux-mozillafirebird-gtk1
ja-mozillafirebird-gtk2
linux-mozillafirebird
ru-linux-mozillafirebird
zhCN-linux-mozillafirebird
zhTW-linux-mozillafirebird
de-netscape7
fr-netscape7
ja-netscape7
netscape7
pt_BR-netscape7
mozilla-gtk1
ge 0

de-linux-netscape
fr-linux-netscape
ja-linux-netscape
linux-netscape
linux-phoenix
mozilla+ipv6
mozilla-embedded
mozilla-firebird
mozilla-gtk2
mozilla-gtk
mozilla-thunderbird
phoenix
ge 0

kdebase
kdelibs
< 3.3.2

opera
opera-devel
linux-opera
< 7.54.20050131

http://secunia.com/secunia_research/2004-13/advisory/
http://secunia.com/multiple_browsers_window_injection_vulnerability_test/
CVE-2004-1156
http://secunia.com/advisories/13129/
https://bugzilla.mozilla.org/show_bug.cgi?id=273699
https://bugzilla.mozilla.org/show_bug.cgi?id=103638
http://mozillanews.org/?article_date=2004-12-08+06-48-46
CVE-2004-1157
http://secunia.com/advisories/13253/
CVE-2004-1158
http://secunia.com/advisories/13254/
http://www.kde.org/info/security/advisory-20041213-1.txt
CVE-2004-1160
http://secunia.com/advisories/13402/

603fe36d-ec9d-11d8-b913-000c41e2cdad | kdelibs insecure temporary file handling

According to a KDE Security Advisory, KDE may sometimes create temporary files without properly checking the ownership and type of the target path. This could allow a local attacker to cause KDE applications to overwrite arbitrary files.


Discovery 2004-08-11
Entry 2004-08-12
kdelibs
le 3.2.3_3

CVE-2004-0689
CVE-2004-0690
http://www.kde.org/info/security/advisory-20040811-1.txt
http://www.kde.org/info/security/advisory-20040811-2.txt
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-kstandarddirs.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-dcopserver.patch

641859e8-eca1-11d8-b913-000c41e2cdad | Multiple browser frame injection vulnerability

A class of bugs affecting many web browsers in the same way was discovered. A Secunia advisory reports:

The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.

Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.

A KDE Security Advisory reports:

A malicious website could abuse Konqueror to insert its own frames into the page of an otherwise trusted website. As a result the user may unknowingly send confidential information intended for the trusted website to the malicious website.

Secunia has provided a demonstration of the vulnerability at http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/.


Discovery 2004-08-11
Entry 2004-08-12
Modified 2004-09-14
kdelibs
< 3.2.3_3

kdebase
< 3.2.3_1

linux-opera
opera
ge 7.50 lt 7.52

firefox
< 0.9

linux-mozilla
linux-mozilla-devel
mozilla-gtk1
< 1.7

mozilla
< 1.7,2

netscape7
< 7.2

CVE-2004-0717
CVE-2004-0718
CVE-2004-0721
http://secunia.com/advisories/11978/
http://bugzilla.mozilla.org/show_bug.cgi?id=246448
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdelibs-htmlframes.patch
ftp://ftp.kde.org/pub/kde/security_patches/post-3.2.3-kdebase-htmlframes.patch

4472ab39-6c66-11e6-9ca5-50e549ebab6c | kdelibs -- directory traversal vulnerability

David Faure reports:

A maliciously crafted archive (.zip or .tar.bz2) with "../" in the file paths could be offered for download via the KNewStuff framework (e.g. on www.kde-look.org), and upon extraction would install files anywhere in the user's home directory.


Discovery 2016-07-24
Entry 2016-08-27
kdelibs
< 4.14.10_7

CVE-2016-6232
https://www.kde.org/info/security/advisory-20160724-1.txt

df333ede-a8ce-11d8-9c6d-0020ed76ef5a | URI handler vulnerabilities in several browsers

Karol Wiesek and Greg MacManus reported via iDEFENSE that the Opera web browser contains a flaw in the handling of certain URIs. When presented with these URIs, Opera would invoke external commands to process them after some validation. However, if the hostname component of a URI begins with a `-', it may be treated as an option by an external command. This could have undesirable side-effects, from denial-of-service to code execution. The impact is very dependent on local configuration.

After the iDEFENSE advisory was published, the KDE team discovered similar problems in KDE's URI handlers.


Discovery 2004-05-12
Entry 2004-05-18
linux-opera
opera
< 7.50

kdelibs
< 3.2.2_3

CVE-2004-0411
http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities
http://www.kde.org/info/security/advisory-20040517-1.txt
http://freebsd.kde.org/index.php#n20040517

14ad2a28-66d2-11dc-b25f-02e0185f8d72 | konqueror -- address bar spoofing

The KDE development team reports:

The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the URL. In addition the address bar could be tricked to show a URL which it is intending to visit for a short amount of time instead of the current URL.


Discovery 2007-09-14
Entry 2007-09-19
kdebase
< 3.5.7_3

kdelibs
< 3.5.7_2

CVE-2007-3820
CVE-2007-4224
CVE-2007-4225
http://www.kde.org/info/security/advisory-20070914-1.txt

4593cb09-4c81-11d9-983e-000c6e8f12ef | konqueror -- Password Disclosure for SMB Shares

When browsing SMB shares with Konqueror, shares with authentication show up with hidden password in the browser bar. It is possible to store the URL as a shortcut on the desktop where the password is then available in plain text.


Discovery 2004-10-06
Entry 2004-12-12
Modified 2005-01-13
kdebase
kdelibs
ge 3.2.0 le 3.3.1

CVE-2004-1171
305294
http://www.kde.org/info/security/advisory-20041209-1.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=110178786809694

f714d8ab-028e-11e7-8042-50e549ebab6c | kio: Information Leak when accessing https when using a malicious PAC file

Albert Astals Cid reports:

Using a malicious PAC file, and then using exfiltration methods in the PAC function FindProxyForURL() enables the attacker to expose full https URLs.

This is a security issue since https URLs may contain sensitive information in the URL authentication part (user:password@host), and in the path and the query (e.g. access tokens).

This attack can be carried out remotely (over the LAN) since proxy settings allow "Detect Proxy Configuration Automatically". This setting uses WPAD to retrieve the PAC file, and an attacker who has access to the victim's LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP) and inject his/her own malicious PAC instead of the legitimate one.


Discovery 2017-02-28
Entry 2017-03-11
kdelibs
< 4.14.29_10

kf5-kio
< 5.31.0_1

https://www.kde.org/info/security/advisory-20170228-1.txt

06404241-b306-11d9-a788-0001020eed82 | kdelibs -- kimgio input validation errors

A KDE Security Advisory reports:

kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.

Impact: Remotely supplied, specially crafted image files can be used to execute arbitrary code.


Discovery 2005-04-21
Entry 2005-04-22
kdelibs
ge 3.2 lt 3.4.0_2

CVE-2005-1046
http://bugs.kde.org/102328
http://www.kde.org/info/security/advisory-20050421-1.txt