CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-4132
https://notcve.org/view.php?id=CVE-2013-4132
KDE-Workspace 4.10.5 and earlier does not properly handle the return value of the glibc 2.17 crypt and pw_encrypt functions, which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via (1) an invalid salt or a (2) DES or (3) MD5 encrypted password, when FIPS-140 is enable, to KDM or an (4) invalid password to KCheckPass. KDE-Workspace 4.10.5 y anteriores no gestiona de forma adecuada el valor de retorno de glibc 2.17 crypt y funciones pw_encrypt, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y cuelgue) a través de (1) un "salt" invalido o una contraseña cifrada, cuando FIPS-140 está habilitado, para KDM o una (4) contraseña no válida para KCheckPass. • http://lists.opensuse.org/opensuse-updates/2013-07/msg00082.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html http://seclists.org/oss-sec/2013/q3/117 http://seclists.org/oss-sec/2013/q3/120 https://git.reviewboard.kde.org/r/111261 • CWE-310: Cryptographic Issues •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 3CVE-2012-4515 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4515
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated. Vulnerabilidad de uso después de liberación en khtml/rendering/render_replaced.cpp en Konqueror en KDE v4.7.3, cuando el menú contextual se muestra, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario mediante el acceso a un iframe cuando se está actualizando. Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=4f2eb356f1c23444fff2cfe0a7ae10efe303d6d8 http://secunia.com/advisories/51097 http://secunia.com/advisories/51145 http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/10/11/11 http://www.openwall.com/lists/oss-security/2012/10/30/6 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 2%CPEs: 77EXPL: 2CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923ae http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/10/11/11 http://www.openwall.com/lists/oss-security/2012/10/30/6 https://bugs.kde.org/show_bug.cgi?id=271528 •
CVSS: 6.4EPSS: 7%CPEs: 1EXPL: 2CVE-2012-4513 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4513
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. khtml/imload/scaledimageplane.h en Konqueror en KDE v4.7.3, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente leer la memoria a través de grandes dimensiones del lienzo, lo que conduce a una extensión de signo inesperado y una sobre lectura de búfer basado en memoria dinámica. Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=1f8b1b034ccf1713a5d123a4c327290f86d17d53 http://rhn.redhat.com/errata/RHSA-2012-1416.html http://rhn.redhat.com/errata/RHSA-2012-1418.html http://secunia.com/advisories/51097 http://secunia.com/advisories/51145 http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 2CVE-2012-4512 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4512
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." El analizador CSS (archivo khtml/css/cssparser.cpp) en Konqueror en KDE versión 4.7.3, permite a atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente leer la memoria por medio de una fuente font face diseñada, relacionada con "type confusion." A heap-based buffer overflow flaw was found in the way the CSS parser of the Document Object Model's (DOM) implementation of KDE libraries performed processing of a location of a particular font face source. A remote attacker with privileges could provide a specially-crafted web page that, when opened in an application linked against KDE libraries, would lead to the application crashing or potential execution of arbitrary code. Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=a872c8a969a8bd3706253d6ba24088e4f07f3352 http://rhn.redhat.com/errata/RHSA-2012-1416.html http://rhn.redhat.com/errata/RHSA-2012-1418.html http://secunia.com/advisories/51097 http://secunia.com/advisories/51145 http://www.nth-dimension.org.uk/pub/NDSA • CWE-122: Heap-based Buffer Overflow CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •