CVE-2014-3494

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
opensuseopensuse
13.1
kdekdelibs
4.10.97
kdekdelibs
4.11.0
kdekdelibs
4.11.1
kdekdelibs
4.11.2
kdekdelibs
4.11.3
kdekdelibs
4.11.4
kdekdelibs
4.11.5
kdekdelibs
4.11.80
kdekdelibs
4.11.90
kdekdelibs
4.11.95
kdekdelibs
4.11.97
kdekdelibs
4.12.0
kdekdelibs
4.12.1
kdekdelibs
4.12.2
kdekdelibs
4.12.3
kdekdelibs
4.12.4
kdekdelibs
4.12.5
kdekdelibs
4.12.80
kdekdelibs
4.12.90
kdekdelibs
4.12.95
kdekdelibs
4.12.97
kdekdelibs
4.13.0
kdekdelibs
4.13.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kde4libs
trusty
Fixed 4:4.13.1-0ubuntu0.2
released
saucy
Fixed 4:4.11.5-0ubuntu0.3
released
precise
not-affected
lucid
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
http://www.kde.org/info/security/advisory-20140618-1.txt
http://www.securityfocus.com/bid/68113
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
http://www.kde.org/info/security/advisory-20140618-1.txt
http://www.securityfocus.com/bid/68113