CVSS: 6.5EPSS: 7%CPEs: 77EXPL: 3CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
31 Oct 2012 — rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Multiple vulnerab... • https://packetstorm.news/files/id/117774 •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2005-2101 – Debian Linux Security Advisory 818-1
https://notcve.org/view.php?id=CVE-2005-2101
17 Aug 2005 — langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. It was discovered that langen2kvhtml from the kvoctrain package from the kdeedu suite creates temporary files in an insecure fashion. This leaves them open for symlink attacks. • http://secunia.com/advisories/16428 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2005-0205 – iDEFENSE Security Advisory 2005-02-28.2
https://notcve.org/view.php?id=CVE-2005-0205
28 Feb 2005 — KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. Local exploitation of a privileged file descriptor leak in KPPP can allow attackers to hijack a system's domain name resolution function. The vulnerability specifically exists... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934 •
CVSS: 9.1EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0746 – wp-04-0001.txt
https://notcve.org/view.php?id=CVE-2004-0746
24 Aug 2004 — Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0689 – KDE Security Advisory 2004-08-11.1
https://notcve.org/view.php?id=CVE-2004-0689
12 Aug 2004 — KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. KDE 3.3.0 no maneja adecuadamente ciertos enlaces simbólicos que apuntan a localizaciones "gastadas", lo que podría permitir a usaurios locales crear o truncar ficheros arbitrarios. The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE are not ensured and that these symlinks can be pointing to stale locati... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •