Page 2 of 17 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0

CVE-2003-0692

https://notcve.org/view.php?id=CVE-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. KDM en KDE 3.1.3 y anteriores usa un algoritmo de generación de galletita (cookie) de sesión débil, que no tiene 128 bits de entropía, lo que permite a atacantes adivinar galletitas de sesión mediante métodos de fuerza bruta y ganar acceso a la sesión del usuario. • http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/?l=bugtraq&m=106374551513499&w=2 http://www.debian.org/security/2003/dsa-388 http://www.kde.org/info/security/advisory-20030916-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:091 http://www.redhat.com/support/errata/RHSA-2003-270.html http://www.redhat.com/support/errata/RHSA-2003-288.html https •

CVSS: 7.5EPSS: 15%CPEs: 18EXPL: 0

CVE-2003-0204

https://notcve.org/view.php?id=CVE-2003-0204

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer. KDE 2 y KDE 3.1.1 y versiones 3.x anteriores permiten a atacantes ejecutar comandos arbitrarios mediante ficheros PostScript (PS) o PDF, relacionado con la falta de argumentos -dSAFER y -dPARANOIDSAFER • http://bugs.kde.org/show_bug.cgi?id=53343 http://bugs.kde.org/show_bug.cgi?id=56808 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/? •

CVSS: 7.5EPSS: 1%CPEs: 15EXPL: 0

CVE-2002-1393

https://notcve.org/view.php?id=CVE-2002-1393

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses. Múltiples vulnerabilidades en KDE 2 y KDE 3.x a 3.0.5 no ponen entre comillas ciertos parámetros que son insertados en comando de shell, lo que podría permitir a atacantes remotos ejecutar comandos arbitrarios mediante URLs, nombres de ficheros o direcciones de correo electrónico. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569 http://marc.info/?l=bugtraq&m=104049734911544&w=2 http://marc.info/?l=bugtraq&m=104066520330397&w=2 http://secunia.com/advisories/8067 http://secunia.com/advisories/8103 http://www.debian.org/security/2003/dsa-234 http://www.debian.org/security/2003/dsa-235 http://www.debian.org/security/2003/dsa-236 http://www.debian.org/security/2003/dsa-237 http://www.debian.org/security/2003/dsa-238 •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

CVE-2002-2333

https://notcve.org/view.php?id=CVE-2002-2333

Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. • http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0167.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-09/0177.html http://www.iss.net/security_center/static/10126.php http://www.securityfocus.com/bid/5721 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 9%CPEs: 10EXPL: 0

CVE-2002-1306

https://notcve.org/view.php?id=CVE-2002-1306

Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL. Múltiples desbordamientos de búfer en LISa en KDE 2.x a partir de 2.1, y KDE 3.x anteriores a 3.0.4 permiten a atacantes locales y posiblemente remotos ejecutar código mediante el demonio "lisa", y a atacantes remotos ejecutar código arbitrario mediante una cierta URL de tipo "lan://" • http://marc.info/?l=bugtraq&m=103712329102632&w=2 http://marc.info/?l=bugtraq&m=103728981029342&w=2 http://www.ciac.org/ciac/bulletins/n-020.shtml http://www.debian.org/security/2002/dsa-214 http://www.iss.net/security_center/static/10597.php http://www.iss.net/security_center/static/10598.php http://www.kde.org/info/security/advisory-20021111-2.txt http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-080.php http://www.novell.com/linux/security/ •