CVE-2018-19120
HIGHKDE Applications < 18.12.0 - Exposure of Sensitive Information via HTML Thumbnailer Plugin
Title source: llmDescription
The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1649420
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/
Scores
CVSS v3
7.5
EPSS
0.0027
EPSS Percentile
49.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
kde/kde_applications
< 18.12.0
Published
Nov 29, 2018
Tracked Since
Feb 18, 2026