厂商或团体 kde 的搜索结果 (160)

CVE-2016-7967(发布:2016-12-23 17:59:00)NM
CVSS5.8

[原文]KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.

CVE-2016-7968(发布:2016-12-23 17:59:00)NM
CVSS7.5

[原文]KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed.

CVE-2016-7966(发布:2016-12-23 17:59:00)NMPS
CVSS7.5

[原文]Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality. Although it is possible to include an HTML comment indicator to hide content.

CVE-2016-7787(发布:2016-12-23 17:59:00)NMS
CVSS4.0

[原文]A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

CVE-2016-2312(发布:2016-12-23 17:59:00)NMS
CVSS4.6

[原文]Turning all screens off in Plasma-workspace and kscreenlocker while the lock screen is shown can result in the screen being unlocked when turning a screen on again.

CVE-2016-6232(发布:2016-08-02 12:59:07)NMPS
CVSS5.0

[原文]Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file, related to KNewsstuff downloads.

首页上一页12345678下一页尾页 第2页 / 共27页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站