Описание
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 4:4.4.85-0ubuntu2 |
| hardy | ignored | end of life |
| jaunty | not-affected | |
| karmic | not-affected | |
| lucid | released | 4:4.4.2-0ubuntu4.1 |
| upstream | needs-triage |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request dow ...
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
EPSS
6.4 Medium
CVSS2