CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2002-1151
https://notcve.org/view.php?id=CVE-2002-1151
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains. La protección de ejecución de secuencias de comandos (scripts) en sitios cruzados en Konqueror 2.2.2 y 3.0 a 3.0.3 no inicializa adecuandamente los dominios en sub-marcos y sub-iframes (marcos incrustados), lo que puede permitir que atacantes remotos ejecuten comandos y roben cookies de submarcos que están en otros dominios. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525 http://marc.info/?l=bugtraq&m=103175850925395&w=2 http://www.debian.org/security/2002/dsa-167 http://www.iss.net/security_center/static/10039.php http://www.kde.org/info/security/advisory-20020908-2.txt http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php http://www.osvdb.org/7867 http://www.redhat.com/support/erra •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2002-1152
https://notcve.org/view.php?id=CVE-2002-1152
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing. Konqueror en KDE 3.0 a 3.0.2 no detecta adecuadamente la señal (flag) en una cookieHTTP, lo que podría causar que Konqueror mandase la cookie por un canal no cifrado, que podría ser vista por atacantes espiando (sniffing) la conexión. • http://marc.info/?l=bugtraq&m=103175827225044&w=2 http://www.iss.net/security_center/static/10083.php http://www.kde.org/info/security/advisory-20020908-1.txt http://www.redhat.com/support/errata/RHSA-2002-220.html http://www.securityfocus.com/bid/5691 •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 1CVE-2002-0970
https://notcve.org/view.php?id=CVE-2002-0970
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. La capacidad SSL en Konqueror 3.0.2 y anteriores no verifica las restriccíones básicas de una certificad intermedio firmado por una AC (Autoridad Certificadora), lo que permite a atacantes remotos falsear los certificados de sitios de confianza mediante un ataque de hombre en el medio (man-in-the-middle. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519 http://marc.info/?l=bugtraq&m=102918241005893&w=2 http://www.debian.org/security/2002/dsa-155 http://www.kde.org/info/security/advisory-20020818-1.txt http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058 http://www.redhat.com/support/errata/RHSA-2002-220.html http •
CVSS: 5.0EPSS: 3%CPEs: 2EXPL: 1CVE-2002-0227 – kicq 2.0.0b1 - Invalid ICQ Packet Denial of Service
https://notcve.org/view.php?id=CVE-2002-0227
KICQ 2.0.0b1 allows remote attackers to cause a denial of service (crash) via a malformed message. KICQ 2.0.0b1 permite a atacantes remotos causar una denegación de servicio (caída) mediante un mensaje malformado. • https://www.exploit-db.com/exploits/21262 http://marc.info/?l=bugtraq&m=101266856410129&w=2 http://www.iss.net/security_center/static/8064.php http://www.securityfocus.com/bid/4018 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0342
https://notcve.org/view.php?id=CVE-2002-0342
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. • http://marc.info/?l=bugtraq&m=101475683425671&w=2 http://www.iss.net/security_center/static/8283.php http://www.securityfocus.com/bid/4177 •