Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2020-26164  

Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.

Source
Severity High

Remote Yes

Type Arbitrary code execution

Description 

Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.

AVG-1241 kdeconnect 20.08.1-1 20.08.2-1 High Fixed 

https://www.openwall.com/lists/oss-security/2020/10/13/4
https://kde.org/info/security/advisory-20201002-1.txt

Workaround
==========

We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences.

Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute
force approach is to uninstall the kdeconnect package from your system and then run
    kquitapp5 kdeconnectd
Just install the package again once you're back in a trusted network.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started