CVE-2014-3494

EUVD-2014-3499
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
opensuseopensuse
13.1
kdekdelibs
4.10.97
kdekdelibs
4.11.0
kdekdelibs
4.11.1
kdekdelibs
4.11.2
kdekdelibs
4.11.3
kdekdelibs
4.11.4
kdekdelibs
4.11.5
kdekdelibs
4.11.80
kdekdelibs
4.11.90
kdekdelibs
4.11.95
kdekdelibs
4.11.97
kdekdelibs
4.12.0
kdekdelibs
4.12.1
kdekdelibs
4.12.2
kdekdelibs
4.12.3
kdekdelibs
4.12.4
kdekdelibs
4.12.5
kdekdelibs
4.12.80
kdekdelibs
4.12.90
kdekdelibs
4.12.95
kdekdelibs
4.12.97
kdekdelibs
4.13.0
kdekdelibs
4.13.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kde4libs
lucid
ignored
precise
not-affected
saucy
Fixed 4:4.11.5-0ubuntu0.3
released
trusty
Fixed 4:4.13.1-0ubuntu0.2
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
http://www.kde.org/info/security/advisory-20140618-1.txt
http://www.securityfocus.com/bid/68113
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
http://www.kde.org/info/security/advisory-20140618-1.txt
http://www.securityfocus.com/bid/68113