
CVSS: 4.6 | EPSS: 0% | CPEs: 5 | EXPL: 1

start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes.

• ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff
• http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
• http://secunia.com/advisories/29951
• http://secunia.com/advisories/29977
• http://secunia.com/advisories/30113
• http://security.gentoo.org/glsa/glsa-200804-30.xml
• http://www.kde.org/info/security/advisory-20080426-2.txt
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:097
• http://www.securityfocus.com/bid/28938
• http://
• CWE-16: Configuration

CVSS: 4.3 | EPSS: 1% | CPEs: 2 | EXPL: 0

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

• http://nils.toedtmann.net/pub/subjectAltName.txt
• http://securityreason.com/securityalert/3498
• http://www.securityfocus.com/archive/1/483929/100/100/threaded
• http://www.securityfocus.com/archive/1/483937/100/100/threaded
• http://www.securityfocus.com/archive/1/483960/100/100/threaded

CVSS: 4.7 | EPSS: 0% | CPEs: 1 | EXPL: 0

Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.

• http://osvdb.org/41395
• http://secunia.com/advisories/28104
• http://secunia.com/advisories/28181
• http://secunia.com/advisories/28751
• http://securityreason.com/securityalert/3469
• http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0268
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:017
• http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00031.html
• http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00038.html
• http://www.securityfocus.com/archiv

CVSS: 5.0 | EPSS: 4% | CPEs: 1 | EXPL: 2

KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.

• https://www.exploit-db.com/exploits/30763
• http://securityreason.com/securityalert/3370
• http://www.securityfocus.com/archive/1/483705/100/0/threaded
• http://www.securityfocus.com/bid/26435
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38456
• CWE-399: Resource Management Errors

CVSS: 6.8 | EPSS: 0% | CPEs: 18 | EXPL: 0

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and log in to arbitrary accounts via unspecified vectors.

• http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
• http://secunia.com/advisories/26894
• http://secunia.com/advisories/26904
• http://secunia.com/advisories/26915
• http://secunia.com/advisories/26929
• http://secunia.com/advisories/26977
• http://secunia.com/advisories/27089
• http://secunia.com/advisories/27096
• http://secunia.com/advisories/27106
• http://secunia.com/advisories/27180
• http://secunia.com/advisories/27271
• http://security.gentoo.org/glsa/glsa-200710-15&#
• CWE-264: Permissions, Privileges, and Access Controls