GCVE - cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*

part: a version: 4.0.0 update: *

Vendor	Kde (`d8ba08cf-7ec1-5504-a5b9-f8cfa50ca850`)
Product	Kde Sc (`a5926000-7aa3-515f-acdf-69ed3f941c05`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2011-1586`	vulnerable	2026-06-03 14:31:02.764527	Details available Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. Published: 2011-04-27T00:00:00.000Z Updated: 2024-08-06T22:28:42.059Z Open on db.gcve.eu Reference links https://launchpad.net/bugs/757526 http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468 http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathrev=1227471 http://secunia.com/advisories/44124 http://openwall.com/lists/oss-security/2011/04/15/9	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1511`	vulnerable	2026-06-03 14:30:15.202560	Details available KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. Published: 2010-05-17T20:42:00.000Z Updated: 2024-08-07T01:28:41.483Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/40141 http://www.ubuntu.com/usn/USN-938-1 http://www.securityfocus.com/archive/1/511279/100/0/threaded http://www.securityfocus.com/archive/1/511294/100/0/threaded http://www.vupen.com/english/advisories/2010/1144	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1000`	vulnerable	2026-06-03 14:30:11.911686	Details available Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. Published: 2010-05-17T20:42:00.000Z Updated: 2024-08-07T01:06:52.535Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/40141 http://www.ubuntu.com/usn/USN-938-1 http://www.vupen.com/english/advisories/2011/1101 http://secunia.com/advisories/42423 http://www.securityfocus.com/archive/1/511294/100/0/threaded	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.