CVSS: 8.8EPSS: 9%CPEs: 5EXPL: 2CVE-2012-4512 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4512
27 Jun 2014 — The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." El analizador CSS (archivo khtml/css/cssparser.cpp) en Konqueror en KDE versión 4.7.3, permite a atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente leer la memoria por medio de una fuente font face diseñada, relacionada con "type confusion." A heap-based buffer overflow f... • https://www.exploit-db.com/exploits/22406 • CWE-122: Heap-based Buffer Overflow CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2CVE-2011-2725
https://notcve.org/view.php?id=CVE-2011-2725
04 Feb 2014 — Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file. Vulnerabilidad de salto de directorio en Ark 4.7.x y anteriores permite a atacantes remotos eliminar y forzar la visualización de archivos arbitrarios a través de secuencias .. (punto punto) en un archivo zip. • http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4132
https://notcve.org/view.php?id=CVE-2013-4132
16 Sep 2013 — KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. KDE-Workspace 4.10.5 y anteriores no gestiona de forma adecuada el valor de retorno de glibc 2.17 crypt y funciones pw_encrypt, lo que permite a atac... • http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html • CWE-310: Cryptographic Issues •
CVSS: 8.1EPSS: 22%CPEs: 1EXPL: 2CVE-2012-4513 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4513
11 Nov 2012 — khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. khtml/imload/scaledimageplane.h en Konqueror en KDE v4.7.3, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente leer la memoria a través de grandes dimensiones del lienzo, lo que conduce a una extensión de signo inesperado y ... • https://www.exploit-db.com/exploits/22406 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 7%CPEs: 77EXPL: 2CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
11 Nov 2012 — rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Multiple vulnerab... • https://www.exploit-db.com/exploits/22406 •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 3CVE-2012-4515 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4515
11 Nov 2012 — Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. Vulnerabilidad de uso después de liberación en khtml/rendering/render_replaced.cpp en Konqueror en KDE v4.7.3, cuando el menú contextual se muestra, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente eje... • https://www.exploit-db.com/exploits/22406 • CWE-399: Resource Management Errors •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2012-3413
https://notcve.org/view.php?id=CVE-2012-3413
07 Aug 2012 — The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. La función HTMLQuoteColorer::process en messageviewer/htmlquotecolorer.cpp en KDE PIM v4.6 hasta v4.8 no desabilita JavaScript, Java, ni los complementos, lo que permite a atacantes remotos inyectar secuencias de comandos o HTML a través de un correo manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083946.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3365 – kdelibs: input validation failure in KSSL
https://notcve.org/view.php?id=CVE-2011-3365
29 Nov 2011 — The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. La API KDE SSL Wrapper (KSSL) en KDE SC v4.6.0 hasta 4.7.1 y posiblemente versiones anteriores, no utiilizan una fuente concreta cuando renderizan los campos de certificado en un diálogo de seguridad, lo que permite a atacantes remotos falsifi... • http://www.kde.org/info/security/advisory-20111003-1.txt • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 70EXPL: 0CVE-2011-1586 – kdenetwork: incomplete fix for CVE-2010-1000
https://notcve.org/view.php?id=CVE-2011-1586
27 Apr 2011 — Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. Vulnerabilidad de salto de directorio en la función KGetMetalink::File::isValidNameAttr en ui/metalinkcreator/metalinker.cpp en KGet en KDE SC v... • http://openwall.com/lists/oss-security/2011/04/15/9 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 1%CPEs: 23EXPL: 3CVE-2011-1168 – kdelibs: partially universal XSS in Konqueror error pages
https://notcve.org/view.php?id=CVE-2011-1168
18 Apr 2011 — Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError function in khtml/khtml_part.cpp in Konqueror in KDE SC 4.4.0 through 4.6.1 allows remote attackers to inject arbitrary web script or HTML via the URI in a URL corresponding to an unavailable web site. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la función KHTMLPart::htmlError en khtml/khtml_part.cpp en Konqueror en KDE SC v4.4.0 hasta v4.6.1, permite a usuarios remotos inyectar script o HTML de su ele... • http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •