Search for packages
Package details: pkg:deb/debian/kde4libs@4:4.8.4-4%2Bdeb7u1
purl pkg:deb/debian/kde4libs@4:4.8.4-4%2Bdeb7u1
Next non-vulnerable version 4:4.14.26-2
Latest non-vulnerable version 4:4.14.26-2
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-9243-ckwg-aaap
Aliases:
CVE-2017-6410
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
4:4.14.2-5+deb8u2
Affected by 3 other vulnerabilities.
4:4.14.26-2
Affected by 0 other vulnerabilities.
VCID-g6rw-9kg2-aaad
Aliases:
CVE-2014-5033
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
4:4.14.2-5
Affected by 3 other vulnerabilities.
VCID-het3-uz92-aaah
Aliases:
CVE-2016-6232
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
4:4.14.2-5+deb8u2
Affected by 3 other vulnerabilities.
4:4.14.26-2
Affected by 0 other vulnerabilities.
VCID-p5qf-n6du-aaaf
Aliases:
CVE-2014-3494
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
4:4.14.2-5
Affected by 3 other vulnerabilities.
VCID-sygv-yxwa-aaac
Aliases:
CVE-2013-2074
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
4:4.14.2-5
Affected by 3 other vulnerabilities.
VCID-yg6r-axzc-aaar
Aliases:
CVE-2017-8422
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
4:4.14.2-5+deb8u2
Affected by 3 other vulnerabilities.
4:4.14.26-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-2gzz-6rpz-aaag kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. CVE-2011-1094
VCID-99ws-y1uc-aaar Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. CVE-2010-3170
VCID-faq9-s2nc-aaae Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. CVE-2011-1168
VCID-g6rw-9kg2-aaad KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." CVE-2014-5033
VCID-wgs9-r7h8-aaaa The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. CVE-2011-3365

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T17:41:15.341298+00:00 Debian Oval Importer Fixing VCID-2gzz-6rpz-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:10:19.599329+00:00 Debian Oval Importer Fixing VCID-faq9-s2nc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:42:38.212569+00:00 Debian Oval Importer Affected by VCID-g6rw-9kg2-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:33:08.164780+00:00 Debian Oval Importer Fixing VCID-99ws-y1uc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:29:21.944752+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:23:38.163904+00:00 Debian Oval Importer Fixing VCID-wgs9-r7h8-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:49:34.999755+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:26:51.689976+00:00 Debian Oval Importer Affected by VCID-sygv-yxwa-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:30:09.653843+00:00 Debian Oval Importer Affected by VCID-p5qf-n6du-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:45:43.831489+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T10:11:48.532727+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T10:04:19.946031+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:49:19.299193+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.3
2025-06-21T09:27:40.245098+00:00 Debian Oval Importer Fixing VCID-g6rw-9kg2-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.3
2025-06-21T00:41:53.370636+00:00 Debian Oval Importer Fixing VCID-2gzz-6rpz-aaag None 36.1.3
2025-06-21T00:41:44.805734+00:00 Debian Oval Importer Affected by VCID-p5qf-n6du-aaaf None 36.1.3
2025-06-21T00:09:51.319043+00:00 Debian Oval Importer Fixing VCID-wgs9-r7h8-aaaa None 36.1.3
2025-06-20T23:54:49.713604+00:00 Debian Oval Importer Fixing VCID-99ws-y1uc-aaar None 36.1.3
2025-06-20T23:02:05.957648+00:00 Debian Oval Importer Affected by VCID-sygv-yxwa-aaac None 36.1.3
2025-06-20T22:42:52.348125+00:00 Debian Oval Importer Fixing VCID-faq9-s2nc-aaae None 36.1.3
2025-06-20T21:50:33.980914+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar None 36.1.3
2025-06-20T19:45:49.081166+00:00 Debian Oval Importer Affected by VCID-g6rw-9kg2-aaad None 36.1.3
2025-06-20T19:38:59.326677+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah None 36.1.3
2025-06-20T19:36:34.268216+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap None 36.1.3
2025-06-20T19:31:15.219947+00:00 Debian Oval Importer Fixing VCID-g6rw-9kg2-aaad None 36.1.3
2025-06-08T10:14:37.124174+00:00 Debian Oval Importer Fixing VCID-2gzz-6rpz-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:52:19.175123+00:00 Debian Oval Importer Fixing VCID-faq9-s2nc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:27:54.973983+00:00 Debian Oval Importer Affected by VCID-g6rw-9kg2-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:27:39.459261+00:00 Debian Oval Importer Fixing VCID-99ws-y1uc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:23:54.472981+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:18:11.791877+00:00 Debian Oval Importer Fixing VCID-wgs9-r7h8-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:42:57.930990+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:20:51.855671+00:00 Debian Oval Importer Affected by VCID-sygv-yxwa-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:29:41.275178+00:00 Debian Oval Importer Affected by VCID-p5qf-n6du-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:00:48.667160+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:00:49.432498+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:53:28.233342+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:37:58.676248+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.1.0
2025-06-08T03:15:50.267775+00:00 Debian Oval Importer Fixing VCID-g6rw-9kg2-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.1.0
2025-06-07T18:04:27.395636+00:00 Debian Oval Importer Fixing VCID-2gzz-6rpz-aaag None 36.1.0
2025-06-07T18:04:19.158988+00:00 Debian Oval Importer Affected by VCID-p5qf-n6du-aaaf None 36.1.0
2025-06-07T17:32:38.166678+00:00 Debian Oval Importer Fixing VCID-wgs9-r7h8-aaaa None 36.1.0
2025-06-07T17:17:41.659457+00:00 Debian Oval Importer Fixing VCID-99ws-y1uc-aaar None 36.1.0
2025-06-07T16:25:15.153422+00:00 Debian Oval Importer Affected by VCID-sygv-yxwa-aaac None 36.1.0
2025-06-07T16:06:46.549483+00:00 Debian Oval Importer Fixing VCID-faq9-s2nc-aaae None 36.1.0
2025-06-07T15:13:46.071614+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar None 36.1.0
2025-06-07T13:37:53.567191+00:00 Debian Oval Importer Affected by VCID-g6rw-9kg2-aaad None 36.1.0
2025-06-07T13:33:14.383881+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah None 36.1.0
2025-06-07T13:31:41.057592+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap None 36.1.0
2025-06-07T13:28:01.838801+00:00 Debian Oval Importer Fixing VCID-g6rw-9kg2-aaad None 36.1.0
2025-04-12T15:55:28.732489+00:00 Debian Oval Importer Fixing VCID-2gzz-6rpz-aaag https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:24:32.100775+00:00 Debian Oval Importer Fixing VCID-faq9-s2nc-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:00:19.084622+00:00 Debian Oval Importer Affected by VCID-g6rw-9kg2-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:59:02.091480+00:00 Debian Oval Importer Fixing VCID-99ws-y1uc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:55:16.317762+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:49:31.686096+00:00 Debian Oval Importer Fixing VCID-wgs9-r7h8-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:15:26.789986+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:53:09.523402+00:00 Debian Oval Importer Affected by VCID-sygv-yxwa-aaac https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:00:56.874372+00:00 Debian Oval Importer Affected by VCID-p5qf-n6du-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:31:44.186947+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T02:29:04.379419+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:21:18.760358+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T02:05:43.861425+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah https://www.debian.org/security/oval/oval-definitions-jessie.xml.bz2 36.0.0
2025-04-08T01:43:15.371867+00:00 Debian Oval Importer Fixing VCID-g6rw-9kg2-aaad https://www.debian.org/security/oval/oval-definitions-wheezy.xml.bz2 36.0.0
2025-04-07T16:41:32.255465+00:00 Debian Oval Importer Fixing VCID-2gzz-6rpz-aaag None 36.0.0
2025-04-07T16:41:23.280593+00:00 Debian Oval Importer Affected by VCID-p5qf-n6du-aaaf None 36.0.0
2025-04-07T16:07:15.033265+00:00 Debian Oval Importer Fixing VCID-wgs9-r7h8-aaaa None 36.0.0
2025-04-07T15:51:37.296851+00:00 Debian Oval Importer Fixing VCID-99ws-y1uc-aaar None 36.0.0
2025-04-07T14:57:09.376856+00:00 Debian Oval Importer Affected by VCID-sygv-yxwa-aaac None 36.0.0
2025-04-07T14:38:01.042462+00:00 Debian Oval Importer Fixing VCID-faq9-s2nc-aaae None 36.0.0
2025-04-07T13:45:24.728048+00:00 Debian Oval Importer Affected by VCID-yg6r-axzc-aaar None 36.0.0
2025-04-07T12:13:19.120151+00:00 Debian Oval Importer Affected by VCID-g6rw-9kg2-aaad None 36.0.0
2025-04-07T12:08:40.235716+00:00 Debian Oval Importer Affected by VCID-het3-uz92-aaah None 36.0.0
2025-04-07T12:07:06.291444+00:00 Debian Oval Importer Affected by VCID-9243-ckwg-aaap None 36.0.0
2025-04-07T12:03:32.978125+00:00 Debian Oval Importer Fixing VCID-g6rw-9kg2-aaad None 36.0.0