4.3

CVE-2014-3494

Exploit
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version13.1
KdeKdelibs Version4.10.97
KdeKdelibs Version4.11.0
KdeKdelibs Version4.11.1
KdeKdelibs Version4.11.2
KdeKdelibs Version4.11.3
KdeKdelibs Version4.11.4
KdeKdelibs Version4.11.5
KdeKdelibs Version4.11.80
KdeKdelibs Version4.11.90
KdeKdelibs Version4.11.95
KdeKdelibs Version4.11.97
KdeKdelibs Version4.12.0
KdeKdelibs Version4.12.1
KdeKdelibs Version4.12.2
KdeKdelibs Version4.12.3
KdeKdelibs Version4.12.4
KdeKdelibs Version4.12.5
KdeKdelibs Version4.12.80
KdeKdelibs Version4.12.90
KdeKdelibs Version4.12.95
KdeKdelibs Version4.12.97
KdeKdelibs Version4.13.0
KdeKdelibs Version4.13.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.487
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
Patch
Exploit
http://www.kde.org/info/security/advisory-20140618-1.txt
Vendor Advisory
http://www.securityfocus.com/bid/68113