CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:P
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
kdekget
2.4.2
kdekde_sc
2.2.0
kdekde_sc
3.5.10
kdekde_sc
4.0.0
kdekde_sc
4.0.0:alpha1
kdekde_sc
4.0.0:alpha2
kdekde_sc
4.0.0:beta1
kdekde_sc
4.0.0:beta2
kdekde_sc
4.0.0:beta3
kdekde_sc
4.0.0:beta4
kdekde_sc
4.0.0:rc1
kdekde_sc
4.0.0:rc2
kdekde_sc
4.0.1
kdekde_sc
4.0.2
kdekde_sc
4.0.3
kdekde_sc
4.0.4
kdekde_sc
4.0.5
kdekde_sc
4.1.0
kdekde_sc
4.1.0:alpha1
kdekde_sc
4.1.0:beta1
kdekde_sc
4.1.0:beta2
kdekde_sc
4.1.0:rc
kdekde_sc
4.1.1
kdekde_sc
4.1.2
kdekde_sc
4.1.3
kdekde_sc
4.1.4
kdekde_sc
4.1.80
kdekde_sc
4.1.85
kdekde_sc
4.1.96
kdekde_sc
4.2:beta2
kdekde_sc
4.2:rc
kdekde_sc
4.2.0
kdekde_sc
4.2.1
kdekde_sc
4.2.2
kdekde_sc
4.2.3
kdekde_sc
4.2.4
kdekde_sc
4.3.0
kdekde_sc
4.3.0:beta1
kdekde_sc
4.3.0:beta3
kdekde_sc
4.3.0:rc1
kdekde_sc
4.3.0:rc2
kdekde_sc
4.3.0:rc3
kdekde_sc
4.3.1
kdekde_sc
4.3.2
kdekde_sc
4.3.3
kdekde_sc
4.3.4
kdekde_sc
4.3.5
kdekde_sc
4.4.0
kdekde_sc
4.4.0:beta1
kdekde_sc
4.4.0:beta2
kdekde_sc
4.4.0:rc1
kdekde_sc
4.4.0:rc2
kdekde_sc
4.4.0:rc3
kdekde_sc
4.4.1
kdekde_sc
4.4.2
kdekde_sc
4.4.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kdenetwork
lucid
Fixed 4:4.4.2-0ubuntu4.1
released
karmic
not-affected
jaunty
not-affected
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64689
http://secunia.com/advisories/39528
http://secunia.com/advisories/39787
http://secunia.com/secunia_research/2010-70/
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt
http://www.securityfocus.com/archive/1/511279/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142
http://www.vupen.com/english/advisories/2010/1144
http://www.vupen.com/english/advisories/2010/3096
https://exchange.xforce.ibmcloud.com/vulnerabilities/58629
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64689
http://secunia.com/advisories/39528
http://secunia.com/advisories/39787
http://secunia.com/secunia_research/2010-70/
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt
http://www.securityfocus.com/archive/1/511279/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142
http://www.vupen.com/english/advisories/2010/1144
http://www.vupen.com/english/advisories/2010/3096
https://exchange.xforce.ibmcloud.com/vulnerabilities/58629