Fabian Vogt

**Name of the Vulnerable Software and Affected Versions** grub2 (affected versions not specified) **Description** The issue is related to grub2, where attackers with access to the grub shell can access files on encrypted disks. This is due to incorrectly used standard permissions. Exploitation of the issue may allow an attacker to bypass security restrictions and gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KDE Plasma Workspace versions prior to 5.27.11.1 KDE Plasma Workspace 6.x versions prior to 6.0.5.1 **Description** The issue allows connections via ICE based purely on the host, i.e., all local connections are accepted. This enables another user on the same machine to gain access to the session manager. A well-crafted client could use the session restore feature to execute arbitrary code as the victim on the next boot via earlier use of the /tmp directory. **Recommendations** For KDE Plasma Workspace versions prior to 5.27.11.1, update to version 5.27.11.1 or later. For KDE Plasma Workspace 6.x versions prior to 6.0.5.1, update to version 6.0.5.1 or later. As a temporary workaround, consider restricting access to the session manager to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** KDE Kate versions prior to 21.12.2 KTextEditor versions prior to 5.91.0 **Description** The issue is related to insufficient input validation in the Language Server Protocol plugin. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The plugin tries to execute the associated LSP server binary when opening a file of a given type. If the binary is absent from the PATH, it will attempt to run the LSP server binary in the directory of the file that was just opened, which can be an untrusted directory due to a misunderstanding of the QProcess API. **Recommendations** For KDE Kate versions prior to 21.12.2, update to version 21.12.2 or later to resolve the issue. For KTextEditor versions prior to 5.91.0, update to version 5.91.0 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted directories to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: SDDM versions prior to 0.19.0 Description: The issue is related to the incorrect start of the X server by SDDM, allowing local unprivileged users to create a connection to the X server without proper authentication for a short time period. This is caused by a race condition during Xauthority file creation, which can allow a local attacker to access X server display contents, intercept keystrokes, or access the clipboard. Recommendations: For SDDM versions prior to 0.19.0, update to version 0.19.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the X server to minimize the risk of exploitation. Avoid using SDDM until the issue is resolved. At the moment, there is information about a newer version that contains a fix for this vulnerability, which is SDDM 0.19.0.

Name of the Vulnerable Software and Affected Versions: KDE Ark versions prior to 20.08.1 Description: The issue is related to the `emitEntryFromArchiveEntry` function in `libarchiveplugin.cpp` of the Ark archiver, which incorrectly defines a link before accessing a file. This can be exploited by a remote attacker using a specially crafted tar archive, potentially allowing them to impact data integrity. The vulnerability can be used to install files outside the extraction directory, as demonstrated by a write operation to a user's home directory. Recommendations: For versions prior to 20.08.1, update to version 20.08.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of tar archives with symlinks until a patch is applied. Restrict access to sensitive directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 5.5 **Description** The issue concerns a flaw in the BMP decoder within QtGui in Qt, where it fails to correctly calculate masks for extracting color components. This flaw can be exploited by remote attackers using a specially crafted BMP file, leading to a denial of service through a divide-by-zero error that causes the application to crash. **Recommendations** For versions prior to 5.5, update to version 5.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.8.7 Qt 5.x versions prior to 5.4.2 **Description** The issue is related to multiple buffer overflows in the gui/image/qgifhandler.cpp file within the QtBase module. This can be triggered by remote attackers using a crafted GIF image, potentially leading to a denial of service (segmentation fault) and possibly allowing the execution of arbitrary code. **Recommendations** For Qt versions prior to 4.8.7, update to version 4.8.7 or later. For Qt 5.x versions prior to 5.4.2, update to version 5.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.8.7 Qt 5.x versions prior to 5.4.2 **Description** The issue is related to multiple buffer overflows in the QtBase module, specifically in the qicohandler.cpp file, which handles ICO image formats. This can be exploited by remote attackers using a crafted ICO image, potentially leading to a denial of service (causing a segmentation fault and crash) and possibly allowing the execution of arbitrary code. **Recommendations** For Qt versions prior to 4.8.7, update to version 4.8.7 or later. For Qt 5.x versions prior to 5.4.2, update to version 5.4.2 or later.

**Name of the Vulnerable Software and Affected Versions** Qt versions prior to 4.8.7 Qt 5.x versions prior to 5.4.2 **Description** The issue is related to multiple buffer overflows in the gui/image/qbmphandler.cpp file within the QtBase module. This can be exploited by remote attackers using a crafted BMP image, potentially leading to a denial of service (segmentation fault and crash) and possibly allowing the execution of arbitrary code. **Recommendations** For Qt versions prior to 4.8.7, update to version 4.8.7 or later. For Qt 5.x versions prior to 5.4.2, update to version 5.4.2 or later.