GCVE - cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Kde (`d8ba08cf-7ec1-5504-a5b9-f8cfa50ca850`)
Product	Kdelibs (`c47952ae-c524-51f6-aa27-0e7c9fa910fe`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/kde/kdelibs`	purl2cpe	2026-06-01 10:14:05.863676

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-8422`	vulnerable	2026-06-03 14:37:39.983572	Details available KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. Published: 2017-05-17T14:00:00.000Z Updated: 2024-08-05T16:34:22.978Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1038480 https://www.exploit-db.com/exploits/42053/ https://www.kde.org/info/security/advisory-20170510-1.txt https://bugzilla.redhat.com/show_bug.cgi?id=1449647 http://www.securityfocus.com/bid/98412	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-6410`	vulnerable	2026-06-03 14:37:27.694144	Details available kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file. Published: 2017-03-02T06:00:00.000Z Updated: 2024-08-05T15:25:49.302Z Open on db.gcve.eu Reference links http://www.debian.org/security/2017/dsa-3849 http://www.securityfocus.com/bid/96515 https://www.kde.org/info/security/advisory-20170228-1.txt	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7543`	vulnerable	2026-06-03 14:35:09.292284	Details available aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. Published: 2017-07-25T14:00:00.000Z Updated: 2024-08-06T07:51:28.630Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=1280543	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-5033`	vulnerable	2026-06-03 14:34:05.300190	Details available KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, related to CVE-2013-4288 and "PID reuse race conditions." Published: 2014-08-19T18:00:00.000Z Updated: 2024-08-06T11:34:37.288Z Open on db.gcve.eu Reference links http://secunia.com/advisories/60385 http://rhn.redhat.com/errata/RHSA-2014-1359.html http://www.debian.org/security/2014/dsa-3004 http://www.ubuntu.com/usn/USN-2304-1 http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-2074`	vulnerable	2026-06-03 14:32:53.595568	Details available kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. Published: 2014-02-05T19:00:00.000Z Updated: 2024-08-06T15:27:39.169Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/05/10/4 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776 https://bugzilla.redhat.com/show_bug.cgi?id=961981 https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp http://www.openwall.com/lists/oss-security/2013/05/11/2	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.