CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923ae http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/10/11/11 http://www.openwall.com/lists/oss-security/2012/10/30/6 https://bugs.kde.org/show_bug.cgi?id=271528 •
CVE-2007-4569 – kdm password-less login vulnerability
https://notcve.org/view.php?id=CVE-2007-4569
backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. El backend/session.c del KDE 3.3.0 hasta el 3.5.7, cuando la auto-autenticación está configurada y el "apagado con contraseña" está habilitado, permite a atacantes remotos evitar el requerimiento de contraseña y autenticarse en cuentas de su elección a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://secunia.com/advisories/26894 http://secunia.com/advisories/26904 http://secunia.com/advisories/26915 http://secunia.com/advisories/26929 http://secunia.com/advisories/26977 http://secunia.com/advisories/27089 http://secunia.com/advisories/27096 http://secunia.com/advisories/27106 http://secunia.com/advisories/27180 http://secunia.com/advisories/27271 http://security.gentoo.org/glsa/glsa-200710-15 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-0104
https://notcve.org/view.php?id=CVE-2007-0104
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. La especificación de Adobe PDF versión 1.3, implementada por (a) xpdf versión 3.0.1 parche 2, (b) kpdf en KDE anterior a versión 3.5.5, (c) poppler anterior a versión 0.5.4, y otros productos, permite a los atacantes remotos tener un impacto desconocido, posiblemente incluyendo la denegación de servicio (bucle infinito), ejecución de código arbitraria, o corrupción de memoria , por medio de un archivo PDF con un (1) diccionario de catálogo creado o (2) un atributo Pages creado que hace referencia a un nodo de árbol de páginas no válido. • http://docs.info.apple.com/article.html?artnum=305214 http://projects.info-pull.com/moab/MOAB-06-01-2007.html http://secunia.com/advisories/23791 http://secunia.com/advisories/23799 http://secunia.com/advisories/23808 http://secunia.com/advisories/23813 http://secunia.com/advisories/23815 http://secunia.com/advisories/23839 http://secunia.com/advisories/23844 http://secunia.com/advisories/23876 http://secunia.com/advisories/24204 http://secunia.com/advisories/24479 http • CWE-20: Improper Input Validation •
CVE-2006-2449
https://notcve.org/view.php?id=CVE-2006-2449
KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login. KDE Display Manager (KDM) en KDE v3.2.0 a v3.5.3 permite a usuarios locales leer archivos de su elección mediante un ataque de enlaces simbólicos relaciado con el tipo de sesión elegido en el inicio de sesión • http://secunia.com/advisories/20602 http://secunia.com/advisories/20660 http://secunia.com/advisories/20674 http://secunia.com/advisories/20702 http://secunia.com/advisories/20785 http://secunia.com/advisories/20869 http://secunia.com/advisories/20890 http://secunia.com/advisories/21662 http://securitytracker.com/id?1016297 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.444467 http://www.debian.org/security/2006/dsa-1156 http://www. •
CVE-2006-0019
https://notcve.org/view.php?id=CVE-2006-0019
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff http://secunia.com/advisories/18500 http://secunia.com/advisories/18540 http://secunia.com/advisories/18552 http://secunia.com/advisories/18559 http://secunia.com/advisories/18561 http://secunia.com/advisories/18570 http://secunia.com/advisories/18583 http://secunia.com/advisories/18899 http://securityreason.com/securityalert/364 http://securitytracker.com/id?1015512 http://slackware.com/security/viewer •