CVSS: 6.5EPSS: 7%CPEs: 77EXPL: 3CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
31 Oct 2012 — rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Multiple vulnerab... • https://packetstorm.news/files/id/117774 •
CVSS: 7.8EPSS: 17%CPEs: 17EXPL: 1CVE-2007-0104 – Mandriva Linux Security Advisory 2007.018
https://notcve.org/view.php?id=CVE-2007-0104
09 Jan 2007 — The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. La especificación de Adobe PDF versión 1.3, implementada por (a) xpdf versión 3... • http://docs.info.apple.com/article.html?artnum=305214 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2006-2449 – rPSA-2006-0106-1.txt
https://notcve.org/view.php?id=CVE-2006-2449
15 Jun 2006 — KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. KDE Display Manager (KDM) en KDE v3.2.0 a v3.5.3 permite a usuarios locales leer archivos de su elección mediante un ataque de enlaces simbólicos relaciado con el tipo de sesión elegido en el inicio de sesión KDM allows the user to select the session type for login. This setting is permanently stored in the user home directory. By using a symlink attack, K... • http://secunia.com/advisories/20602 •
CVSS: 8.8EPSS: 6%CPEs: 17EXPL: 0CVE-2006-0019
https://notcve.org/view.php?id=CVE-2006-0019
20 Jan 2006 — Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2005-2494 – KDE Security Advisory 2005-09-05.1
https://notcve.org/view.php?id=CVE-2005-2494
06 Sep 2005 — kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. KDE Security Advisory: Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass. Affected are all KDE releases starting from KDE 3.2.0 up to inclu... • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2005-2101 – Debian Linux Security Advisory 818-1
https://notcve.org/view.php?id=CVE-2005-2101
17 Aug 2005 — langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. It was discovered that langen2kvhtml from the kvoctrain package from the kdeedu suite creates temporary files in an insecure fashion. This leaves them open for symlink attacks. • http://secunia.com/advisories/16428 •
CVSS: 9.8EPSS: 5%CPEs: 20EXPL: 0CVE-2005-1852 – Gentoo Linux Security Advisory 200507-26
https://notcve.org/view.php?id=CVE-2005-1852
22 Jul 2005 — Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. Múltiples desbordamientos de búfer en libgadu, usado en Kopete en KDE 3.2.3 hasta la 3.4.1, ekg anteriores a 1.6rc3, GNU Gadu, CenterICQ, Kadu, y otros paquetes, permite que atacantes remotos causen una denegación de servicio (caída) y posiblem... • http://lwn.net/Articles/144724 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2005-1920 – KDE Security Advisory 2005-07-18.1
https://notcve.org/view.php?id=CVE-2005-1920
19 Jul 2005 — The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. Las aplicaciones Kate y Kwrite en KDE 3.2.x hasta la 3.4.0 no fijan adecuadamente los permisos en los ficheros de backup, lo que podría permitir que usuarios locales, y posiblemente también remotos, obtengan información confidencial. KDE Security Adviso... • http://marc.info/?l=bugtraq&m=112171434023679&w=2 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2005-0754 – KDE Security Advisory 2005-04-20.1
https://notcve.org/view.php?id=CVE-2005-0754
22 Apr 2005 — Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. KDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff •
CVSS: 9.1EPSS: 6%CPEs: 146EXPL: 0CVE-2005-0206
https://notcve.org/view.php?id=CVE-2005-0206
15 Feb 2005 — The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilida... • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 •