CVE-2018-19120

Опубликовано: 29 нояб. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1649420
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/
https://bugzilla.redhat.com/show_bug.cgi?id=1649420
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kde:kde_applications:*:*:*:*:*:*:*:*

Версия до 18.12.0 (исключая)

EPSS

Процентиль: 50%

0.00265

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-19120

CVSS3: 7.5

ubuntu

около 7 лет назад

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

CVE-2018-19120

CVSS3: 7.5

debian

около 7 лет назад

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows ...

GHSA-39rp-qwx2-562v

CVSS3: 7.5

github

больше 3 лет назад

The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.

EPSS

Процентиль: 50%

0.00265

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200