Package details: pkg:deb/ubuntu/kde4libs@4:4.9.3-0ubuntu2
purl pkg:deb/ubuntu/kde4libs@4:4.9.3-0ubuntu2
Next non-vulnerable version 4:4.14.38-0ubuntu3.1
Latest non-vulnerable version 4:4.14.38-0ubuntu3.1
Risk 10.0
Vulnerabilities affecting this package (6)
Vulnerability Summary Fixed by
VCID-9243-ckwg-aaap
Aliases:
CVE-2017-6410
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
4:4.13.3-0ubuntu0.4
Affected by 3 other vulnerabilities.
4:4.14.16-0ubuntu3.1
Affected by 3 other vulnerabilities.
VCID-ezms-uxg1-aaar
Aliases:
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
4:4.14.38-0ubuntu3.1
Affected by 0 other vulnerabilities.
VCID-g6rw-9kg2-aaad
Aliases:
CVE-2014-5033
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions."
4:4.13.2a-0ubuntu0.3
Affected by 4 other vulnerabilities.
VCID-het3-uz92-aaah
Aliases:
CVE-2016-6232
Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.
4:4.13.3-0ubuntu0.3
Affected by 3 other vulnerabilities.
4:4.14.34-0ubuntu2
Affected by 1 other vulnerability.
VCID-p5qf-n6du-aaaf
Aliases:
CVE-2014-3494
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
4:4.13.1-0ubuntu0.2
Affected by 5 other vulnerabilities.
VCID-yg6r-axzc-aaar
Aliases:
CVE-2017-8422
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
4:4.13.3-0ubuntu0.5
Affected by 3 other vulnerabilities.
4:4.14.16-0ubuntu3.2
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.