Vulnerability Details : CVE-2010-1511
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
Exploit prediction scoring system (EPSS) score for CVE-2010-1511
Probability of exploitation activity in the next 30 days: 0.83%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-1511
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2010-1511
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1511
-
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
[SECURITY] Fedora 12 Update: kdenetwork-4.4.5-4.fc12
-
http://www.vupen.com/english/advisories/2010/1144
Webmail | OVH- OVHVendor Advisory
-
http://marc.info/?l=oss-security&m=127378789518426&w=2
'[oss-security] KDENetwork vulnerabilities' - MARC
-
http://www.vupen.com/english/advisories/2010/1142
Webmail | OVH- OVHVendor Advisory
-
http://www.ubuntu.com/usn/USN-938-1
USN-938-1: KDENetwork vulnerabilities | Ubuntu security notices
-
http://www.vupen.com/english/advisories/2010/3096
Webmail | OVH- OVHVendor Advisory
-
http://securitytracker.com/id?1023984
KDE KGet Contains File Overwrite and Directory Traversal Bugs - SecurityTracker
-
http://www.securityfocus.com/bid/40141
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/58629
KDE metalink file overwrite CVE-2010-1511 Vulnerability Report
-
http://www.kde.org/info/security/advisory-20100513-1.txt
Vendor Advisory
-
http://www.securityfocus.com/archive/1/511294/100/0/threaded
SecurityFocus
-
http://www.securityfocus.com/archive/1/511279/100/0/threaded
SecurityFocus
Products affected by CVE-2010-1511
- cpe:2.3:a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:3.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.80:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.85:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.2:rc:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.0:rc:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.96:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.2:beta2:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:kde:kde_sc:4.1.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:kde:kget:2.4.2:*:*:*:*:*:*:*