29 results (0.011 seconds)

CVSS: 5.0EPSS: 2%CPEs: 77EXPL: 2

rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923ae http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/10/11/11 http://www.openwall.com/lists/oss-security/2012/10/30/6 https://bugs.kde.org/show_bug.cgi?id=271528 •

CVSS: 6.8EPSS: 6%CPEs: 17EXPL: 1

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. La especificación de Adobe PDF versión 1.3, implementada por (a) xpdf versión 3.0.1 parche 2, (b) kpdf en KDE anterior a versión 3.5.5, (c) poppler anterior a versión 0.5.4, y otros productos, permite a los atacantes remotos tener un impacto desconocido, posiblemente incluyendo la denegación de servicio (bucle infinito), ejecución de código arbitraria, o corrupción de memoria , por medio de un archivo PDF con un (1) diccionario de catálogo creado o (2) un atributo Pages creado que hace referencia a un nodo de árbol de páginas no válido. • http://docs.info.apple.com/article.html?artnum=305214 http://projects.info-pull.com/moab/MOAB-06-01-2007.html http://secunia.com/advisories/23791 http://secunia.com/advisories/23799 http://secunia.com/advisories/23808 http://secunia.com/advisories/23813 http://secunia.com/advisories/23815 http://secunia.com/advisories/23839 http://secunia.com/advisories/23844 http://secunia.com/advisories/23876 http://secunia.com/advisories/24204 http://secunia.com/advisories/24479 http • CWE-20: Improper Input Validation •

CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0

kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop. kdesktop_lock en kdebase versiones anteriores a 3.1.3-5.11 para KDE en Red Hat Enterprise Linux (RHEL) 3 no termina apropiadamente, lo cual puede impedir que el salva-pantallas se active, o impedir que los usuarios bloqueen manualmente el escritorio. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=177755 http://secunia.com/advisories/21203 http://securitytracker.com/id?1016571 http://www.redhat.com/support/errata/RHSA-2006-0576.html http://www.securityfocus.com/bid/19152 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10535 https://access.redhat.com/security/cve/CVE-2006-2933 https://bugzilla.redhat.com/show_bug.cgi?id=1618125 •

CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0

langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. • http://secunia.com/advisories/16428 http://securitytracker.com/id?1014675 http://www.debian.org/security/2005/dsa-818 http://www.kde.org/info/security/advisory-20050815-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:159 http://www.securityfocus.com/bid/14561 •

CVSS: 7.5EPSS: 2%CPEs: 18EXPL: 0

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff http://marc.info/?l=bugtraq&m=111419664411051&w=2 http://secunia.com/advisories/15060 http://www.kde.org/info/security/advisory-20050420-1.txt http://www.securityfocus.com/bid/13313 •