FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
0baee383-356c-11e7-b9a9-50e549ebab6ckauth: Local privilege escalation

Albert Astals Cid reports:

KAuth contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.


Discovery 2017-05-10
Entry 2017-05-10
kdelibs
< 4.14.30_4

kf5-kauth
< 5.33.0_1

CVE-2017-8422
http://www.openwall.com/lists/oss-security/2017/05/10/3
https://www.kde.org/info/security/advisory-20170510-1.txt
e8bcac84-2d5c-11e9-9a74-e0d55e2a8bf9kf5-kauth -- Insecure handling of arguments in helpers

Albert Astals Cid reports:

KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus.

Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugin


Discovery 2019-02-09
Entry 2019-02-10
kf5-kauth
< 5.54.0_2

https://www.kde.org/info/security/advisory-20190209-1.txt
CVE-2019-7443