CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923ae http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/10/11/11 http://www.openwall.com/lists/oss-security/2012/10/30/6 https://bugs.kde.org/show_bug.cgi?id=271528 •
CVE-2005-0205
https://notcve.org/view.php?id=CVE-2005-0205
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934 http://www.debian.org/security/2005/dsa-692 http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities http://www.kde.org/info/security/advisory-20050228-1.txt http://www.redhat.com/support/errata/RHSA-2005-175.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9596 https://access.redhat.com/security/cve/CVE-2005-0205 https://bugzilla.redhat.com/show_bug.cgi •
CVE-2005-0078
https://notcve.org/view.php?id=CVE-2005-0078
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. • http://www.debian.org/security/2005/dsa-660 http://www.redhat.com/support/errata/RHSA-2005-009.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19084 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9260 https://access.redhat.com/security/cve/CVE-2005-0078 https://bugzilla.redhat.com/show_bug.cgi?id=1617445 •
CVE-2004-0689
https://notcve.org/view.php?id=CVE-2004-0689
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. KDE 3.3.0 no maneja adecuadamente ciertos enlaces simbólicos que apuntan a localizaciones "gastadas", lo que podría permitir a usaurios locales crear o truncar ficheros arbitrarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/12276 http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.debian.org/security/2004/dsa-539 http://www.kde.org/info/security/advisory-20040811-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 https://access.redhat.com/se • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2003-0692
https://notcve.org/view.php?id=CVE-2003-0692
KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session. KDM en KDE 3.1.3 y anteriores usa un algoritmo de generación de galletita (cookie) de sesión débil, que no tiene 128 bits de entropía, lo que permite a atacantes adivinar galletitas de sesión mediante métodos de fuerza bruta y ganar acceso a la sesión del usuario. • http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://marc.info/?l=bugtraq&m=106374551513499&w=2 http://www.debian.org/security/2003/dsa-388 http://www.kde.org/info/security/advisory-20030916-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:091 http://www.redhat.com/support/errata/RHSA-2003-270.html http://www.redhat.com/support/errata/RHSA-2003-288.html https •