Page 13 of 90 results (0.005 seconds)

CVSS: 10.0EPSS: 8%CPEs: 27EXPL: 0

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module. KDM en KDE 3.1.3 y anteriores no verifica si la llamada a la función pam_setcred tiene éxito, lo que podría permitir a atacantes ganar privilegios de root disparando condiciones de error en módulo PAM, como se demostró en ciertas configuraciones del módulo pam_krb5 del MIT. • http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/?l=bugtraq&m=106374551513499&w=2 http://www.debian.org/security/2003/dsa-388 http://www.debian.org/security/2004/dsa-443 http://www.kde.org/info/security/advisory-20030916-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:091 http://www.redhat.com/support/errata/RHSA-2003-270.html http://www. •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Konqueror Embedded y KDE 2.2.2 y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitiría que atacantes remotos falsifiquen certificados mediante un ataque "man-in-the-middle". • http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html http://www.debian.org/security/2003/dsa-361 http://www.kde.org/info/security/advisory-20030602-1.txt http://www.redhat.com/support/errata/RHSA-2003-192.html http://www.redhat.com/support/errata/RHSA-2003-193.html http://www.securityfocus.com/archive/1/320707 http://www.securityfocus.com/bid/7520 http://www.turbolinux.com/security/TLSA-2003-36.txt https://access.redhat.com/security/cve/CVE-2003 •

CVSS: 7.5EPSS: 15%CPEs: 18EXPL: 0

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. KDE 2 y KDE 3.1.1 y versiones 3.x anteriores permiten a atacantes ejecutar comandos arbitrarios mediante ficheros PostScript (PS) o PDF, relacionado con la falta de argumentos -dSAFER y -dPARANOIDSAFER • http://bugs.kde.org/show_bug.cgi?id=53343 http://bugs.kde.org/show_bug.cgi?id=56808 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/? •

CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses. Múltiples vulnerabilidades en KDE 2 y KDE 3.x a 3.0.5 no ponen entre comillas ciertos parámetros que son insertados en comando de shell, lo que podría permitir a atacantes remotos ejecutar comandos arbitrarios mediante URLs, nombres de ficheros o direcciones de correo electrónico. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569 http://marc.info/?l=bugtraq&m=104049734911544&w=2 http://marc.info/?l=bugtraq&m=104066520330397&w=2 http://secunia.com/advisories/8067 http://secunia.com/advisories/8103 http://www.debian.org/security/2003/dsa-234 http://www.debian.org/security/2003/dsa-235 http://www.debian.org/security/2003/dsa-236 http://www.debian.org/security/2003/dsa-237 http://www.debian.org/security/2003/dsa-238 •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. • http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0177.html http://www.iss.net/security_center/static/10126.php http://www.securityfocus.com/bid/5721 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •