Описание
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-1511
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58629
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
- http://marc.info/?l=oss-security&m=127378789518426&w=2
- http://osvdb.org/64689
- http://secunia.com/advisories/39528
- http://secunia.com/advisories/39787
- http://secunia.com/secunia_research/2010-70
- http://securitytracker.com/id?1023984
- http://www.kde.org/info/security/advisory-20100513-1.txt
- http://www.securityfocus.com/archive/1/511279/100/0/threaded
- http://www.securityfocus.com/archive/1/511294/100/0/threaded
- http://www.securityfocus.com/bid/40141
- http://www.ubuntu.com/usn/USN-938-1
- http://www.vupen.com/english/advisories/2010/1142
- http://www.vupen.com/english/advisories/2010/1144
- http://www.vupen.com/english/advisories/2010/3096
EPSS
CVE ID
Связанные уязвимости
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request dow ...
EPSS