CVSS: 4.3EPSS: 1%CPEs: 3EXPL: 1CVE-2008-5698 – Konqueror 3.5.9 - 'load' Remote Crash
https://notcve.org/view.php?id=CVE-2008-5698
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. HTMLTokenizer::scriptHandler en Konqueror de KDE v3.5.9 y v3.5.10, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una llamada no válida a document.load, esto lanza que se use un objeto eliminado. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/6718 http://secunia.com/advisories/32208 http://securityreason.com/securityalert/4796 http://www.securityfocus.com/bid/31696 http://www.vupen.com/english/advisories/2008/2915 https://exchange.xforce.ibmcloud.com/vulnerabilities/45804 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 0CVE-2008-1670
https://notcve.org/view.php?id=CVE-2008-1670
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image. Desbordamiento de búfer basado en montículo en el cargador de imagen PNG progresivo (decoders/pngloader.cpp) en KHTML de KDE 4.0.x hasta 4.0.3; permite a atacantes remotos provocar una denegación de servicio (caída) y puede que ejecutar código de su elección mediante una imagen manipulada. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29980 http://www.kde.org/info/security/advisory-20080426-1.txt http://www.securityfocus.com/bid/28937 http://www.securitytracker.com/id?1019929 http://www.vupen.com/english/advisories/2008/1371/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42038 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 1CVE-2008-1671
https://notcve.org/view.php?id=CVE-2008-1671
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. start_kdeinit en KDE de 3.5.5 a 3.5.9, cuando está instalado setuid root, permite a usuarios locales provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante "una entrada influenciable por el usuario" (probablemente argumentos en línea de comandos) que provocan que start_kdeinit envíe señales SIGUSR1 a otros procesos. • ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29951 http://secunia.com/advisories/29977 http://secunia.com/advisories/30113 http://security.gentoo.org/glsa/glsa-200804-30.xml http://www.kde.org/info/security/advisory-20080426-2.txt http://www.mandriva.com/security/advisories?name=MDVSA-2008:097 http://www.securityfocus.com/bid/28938 http:// • CWE-16: Configuration •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5963
https://notcve.org/view.php?id=CVE-2007-5963
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors. Vulnerabilidad no especificada en kdebase permite a usuarios locales provocar denegación de servicio (acceso de entrada no accesible KDM, o consumo de recursos) a través de vectores desconocidos. • http://osvdb.org/41395 http://secunia.com/advisories/28104 http://secunia.com/advisories/28181 http://secunia.com/advisories/28751 http://securityreason.com/securityalert/3469 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0268 http://www.mandriva.com/security/advisories?name=MDVSA-2009:017 http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00031.html http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00038.html http://www.securityfocus.com/archiv •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2007-4569 – kdm password-less login vulnerability
https://notcve.org/view.php?id=CVE-2007-4569
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. El backend/session.c del KDE 3.3.0 hasta el 3.5.7, cuando la auto-autenticación está configurada y el "apagado con contraseña" está habilitado, permite a atacantes remotos evitar el requerimiento de contraseña y autenticarse en cuentas de su elección a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://secunia.com/advisories/26894 http://secunia.com/advisories/26904 http://secunia.com/advisories/26915 http://secunia.com/advisories/26929 http://secunia.com/advisories/26977 http://secunia.com/advisories/27089 http://secunia.com/advisories/27096 http://secunia.com/advisories/27106 http://secunia.com/advisories/27180 http://secunia.com/advisories/27271 http://security.gentoo.org/glsa/glsa-200710-15&# • CWE-264: Permissions, Privileges, and Access Controls •