Search
Find a vulnerability
Search criteria
2 vulnerabilities found for kget by kde
CVE-2010-1511 (GCVE-0-2010-1511)
Vulnerability from nvd – Published: 2010-05-17 20:42 – Updated: 2024-08-07 01:28
VLAI
Summary
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2010-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40141"
},
{
"name": "USN-938-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-938-1"
},
{
"name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
},
{
"name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
},
{
"name": "ADV-2010-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2010-70/"
},
{
"name": "kde-metalink-file-overwrite(58629)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
},
{
"name": "ADV-2010-3096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3096"
},
{
"name": "FEDORA-2010-18029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
},
{
"name": "[oss-security] 20100513 KDENetwork vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
},
{
"name": "39528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39528"
},
{
"name": "ADV-2010-1142",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1142"
},
{
"name": "1023984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023984"
},
{
"name": "64689",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64689"
},
{
"name": "39787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "40141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40141"
},
{
"name": "USN-938-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-938-1"
},
{
"name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
},
{
"name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
},
{
"name": "ADV-2010-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2010-70/"
},
{
"name": "kde-metalink-file-overwrite(58629)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
},
{
"name": "ADV-2010-3096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3096"
},
{
"name": "FEDORA-2010-18029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
},
{
"name": "[oss-security] 20100513 KDENetwork vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
},
{
"name": "39528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39528"
},
{
"name": "ADV-2010-1142",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1142"
},
{
"name": "1023984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023984"
},
{
"name": "64689",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64689"
},
{
"name": "39787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-1511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40141"
},
{
"name": "USN-938-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-938-1"
},
{
"name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
},
{
"name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
},
{
"name": "ADV-2010-1144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1144"
},
{
"name": "http://secunia.com/secunia_research/2010-70/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-70/"
},
{
"name": "kde-metalink-file-overwrite(58629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
},
{
"name": "http://www.kde.org/info/security/advisory-20100513-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
},
{
"name": "ADV-2010-3096",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3096"
},
{
"name": "FEDORA-2010-18029",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
},
{
"name": "[oss-security] 20100513 KDENetwork vulnerabilities",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
},
{
"name": "39528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39528"
},
{
"name": "ADV-2010-1142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1142"
},
{
"name": "1023984",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023984"
},
{
"name": "64689",
"refsource": "OSVDB",
"url": "http://osvdb.org/64689"
},
{
"name": "39787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2010-1511",
"datePublished": "2010-05-17T20:42:00.000Z",
"dateReserved": "2010-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1511 (GCVE-0-2010-1511)
Vulnerability from cvelistv5 – Published: 2010-05-17 20:42 – Updated: 2024-08-07 01:28
VLAI
Summary
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2010-05-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:41.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "40141",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40141"
},
{
"name": "USN-938-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-938-1"
},
{
"name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
},
{
"name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
},
{
"name": "ADV-2010-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1144"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2010-70/"
},
{
"name": "kde-metalink-file-overwrite(58629)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
},
{
"name": "ADV-2010-3096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3096"
},
{
"name": "FEDORA-2010-18029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
},
{
"name": "[oss-security] 20100513 KDENetwork vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
},
{
"name": "39528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39528"
},
{
"name": "ADV-2010-1142",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1142"
},
{
"name": "1023984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1023984"
},
{
"name": "64689",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64689"
},
{
"name": "39787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39787"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "40141",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40141"
},
{
"name": "USN-938-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-938-1"
},
{
"name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
},
{
"name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
},
{
"name": "ADV-2010-1144",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1144"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2010-70/"
},
{
"name": "kde-metalink-file-overwrite(58629)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
},
{
"name": "ADV-2010-3096",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3096"
},
{
"name": "FEDORA-2010-18029",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
},
{
"name": "[oss-security] 20100513 KDENetwork vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
},
{
"name": "39528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39528"
},
{
"name": "ADV-2010-1142",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1142"
},
{
"name": "1023984",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1023984"
},
{
"name": "64689",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64689"
},
{
"name": "39787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39787"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2010-1511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40141"
},
{
"name": "USN-938-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-938-1"
},
{
"name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
},
{
"name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
},
{
"name": "ADV-2010-1144",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1144"
},
{
"name": "http://secunia.com/secunia_research/2010-70/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2010-70/"
},
{
"name": "kde-metalink-file-overwrite(58629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
},
{
"name": "http://www.kde.org/info/security/advisory-20100513-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
},
{
"name": "ADV-2010-3096",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3096"
},
{
"name": "FEDORA-2010-18029",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
},
{
"name": "[oss-security] 20100513 KDENetwork vulnerabilities",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
},
{
"name": "39528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39528"
},
{
"name": "ADV-2010-1142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1142"
},
{
"name": "1023984",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023984"
},
{
"name": "64689",
"refsource": "OSVDB",
"url": "http://osvdb.org/64689"
},
{
"name": "39787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39787"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2010-1511",
"datePublished": "2010-05-17T20:42:00.000Z",
"dateReserved": "2010-04-26T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:28:41.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}