Skip to main content

Security Advisories

A collection of security advisories disclosed by Evolved Threat researchers.

All Low Medium High

KDE Frameworks Command Execution

HIGH CVE-2019-14744
By Dominik Penner

DESCRIPTION

A critical vulnerability in KDE Frameworks allows arbitrary command execution through malicious desktop files.

AFFECTING

  • KDE Frameworks • ≤ 5.1.60

KDE Frameworks Command Execution

HIGH CVE-2019-14744
Dominik Penner's profile picture

Dominik Penner @zer0pwn

AFFECTING

  • KDE Frameworks • ≤ 5.1.60

DESCRIPTION

A critical vulnerability in KDE Frameworks allows arbitrary command execution through malicious desktop files.

DETAILS

A vulnerability in KDE Frameworks allows arbitrary command execution through specially crafted .desktop files. This could allow an attacker to execute arbitrary commands with the privileges of the user running the KDE desktop environment.

KDE Ark Directory Traversal Command Execution

MEDIUM CVE-2019-14743
By Dominik Penner

DESCRIPTION

A vulnerability in KDE Ark allows directory traversal and command execution through malicious archive files.

AFFECTING

  • KDE Ark • 20.08.0

KDE Ark Directory Traversal Command Execution

MEDIUM CVE-2019-14743
Dominik Penner's profile picture

Dominik Penner @zer0pwn

AFFECTING

  • KDE Ark • 20.08.0

DESCRIPTION

A vulnerability in KDE Ark allows directory traversal and command execution through malicious archive files.

DETAILS

KDE Ark contains a vulnerability that allows directory traversal and command execution through specially crafted archive files. An attacker could create a malicious archive that, when extracted, could traverse directories and execute arbitrary commands.

EA Origin Remote Command Execution

HIGH CVE-2019-12828
By Dominik Penner

DESCRIPTION

Another critical vulnerability in EA Origin enables remote command execution through malicious game URLs.

AFFECTING

  • EA Origin • 10.5.39

EA Origin Remote Command Execution

HIGH CVE-2019-12828
Dominik Penner's profile picture

Dominik Penner @zer0pwn

AFFECTING

  • EA Origin • 10.5.39

DESCRIPTION

Another critical vulnerability in EA Origin enables remote command execution through malicious game URLs.

DETAILS

EA Origin contains another critical vulnerability that allows remote command execution through specially crafted game URLs. An attacker could create a malicious URL that, when processed by the Origin client, would execute arbitrary commands on the system.

EA Origin Remote Command Execution

HIGH CVE-2019-11354
By Dominik Penner

DESCRIPTION

A critical vulnerability in EA Origin allows remote command execution through the origin:// protocol handler.

AFFECTING

  • EA Origin • 10.5.39

EA Origin Remote Command Execution

HIGH CVE-2019-11354
Dominik Penner's profile picture

Dominik Penner @zer0pwn

AFFECTING

  • EA Origin • 10.5.39

DESCRIPTION

A critical vulnerability in EA Origin allows remote command execution through the origin:// protocol handler.

DETAILS

EA Origin contains a critical vulnerability in its URL protocol handler that allows remote command execution. An attacker could craft a malicious origin:// URL that, when clicked, would execute arbitrary commands on the system.