Описание
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
Ссылки
- Broken LinkMailing ListThird Party Advisory
- Broken LinkMailing ListThird Party Advisory
- PatchVendor Advisory
- ExploitVendor Advisory
- Third Party Advisory
- Broken LinkMailing ListThird Party Advisory
- Broken LinkMailing ListThird Party Advisory
- PatchVendor Advisory
- ExploitVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2