GCVE - cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*

part: a version: 4.4.0 update: rc1

Vendor	Kde (`d8ba08cf-7ec1-5504-a5b9-f8cfa50ca850`)
Product	Kde Sc (`a5926000-7aa3-515f-acdf-69ed3f941c05`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1586`	vulnerable	2026-06-03 14:31:02.786199	Details available Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. Published: 2011-04-27T00:00:00.000Z Updated: 2024-08-06T22:28:42.059Z Open on db.gcve.eu Reference links https://launchpad.net/bugs/757526 http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468 http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathrev=1227471 http://secunia.com/advisories/44124 http://openwall.com/lists/oss-security/2011/04/15/9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1168`	vulnerable	2026-06-03 14:30:59.118913	Details available Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. Published: 2011-04-18T18:00:00.000Z Updated: 2024-08-06T22:14:27.829Z Open on db.gcve.eu Reference links http://www.vupen.com/english/advisories/2011/0990 http://www.mandriva.com/security/advisories?name=MDVSA-2011:075 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://www.securityfocus.com/archive/1/517433/100/0/threaded http://secunia.com/advisories/44108	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1511`	vulnerable	2026-06-03 14:30:15.203360	Details available KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. Published: 2010-05-17T20:42:00.000Z Updated: 2024-08-07T01:28:41.483Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/40141 http://www.ubuntu.com/usn/USN-938-1 http://www.securityfocus.com/archive/1/511279/100/0/threaded http://www.securityfocus.com/archive/1/511294/100/0/threaded http://www.vupen.com/english/advisories/2010/1144	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1000`	vulnerable	2026-06-03 14:30:11.933470	Details available Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Published: 2010-05-17T20:42:00.000Z Updated: 2024-08-07T01:06:52.535Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/40141 http://www.ubuntu.com/usn/USN-938-1 http://www.vupen.com/english/advisories/2011/1101 http://secunia.com/advisories/42423 http://www.securityfocus.com/archive/1/511294/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.