CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923ae http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/10/11/11 http://www.openwall.com/lists/oss-security/2012/10/30/6 https://bugs.kde.org/show_bug.cgi?id=271528 •
CVE-2011-1586 – kdenetwork: incomplete fix for CVE-2010-1000
https://notcve.org/view.php?id=CVE-2011-1586
Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000. Vulnerabilidad de salto de directorio en la función KGetMetalink::File::isValidNameAttr en ui/metalinkcreator/metalinker.cpp en KGet en KDE SC v4.6.2 y anteriores, permite a atacantes remotos crear ficheros de su elección a través de un .. (punto punto) en el atributo de nombre de un elemento de archivo en un archivo de Metalink. • http://openwall.com/lists/oss-security/2011/04/15/9 http://secunia.com/advisories/44124 http://secunia.com/advisories/44329 http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468 http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469 http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathr • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-1511
https://notcve.org/view.php?id=CVE-2010-1511
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file. KGet v2.4.2 en KDE SC v4.0.0 hasta v4.4.3 no solicita de forma adecuada la confirmación de descarga por parte del usuario, lo que facilita a atacantes remotos sobrescribir ficheros de su elección a través un fichero metalik manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html http://marc.info/?l=oss-security&m=127378789518426&w=2 http://osvdb.org/64689 http://secunia.com/advisories/39528 http://secunia.com/advisories/39787 http://secunia.com/secunia_research/2010-70 http://securitytracker.com/id?1023984 http://www.kde.org/info/security/advisory-20100513-1.txt http://www.securityfocus.com/archive/1/511279/100/0/threaded http://www.securityfocus.com/archive/1/511294 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0436 – kdm privilege escalation flaw
https://notcve.org/view.php?id=CVE-2010-0436
Race condition in backend/ctrl.c in KDM in KDE Software Compilation (SC) 2.2.0 through 4.4.2 allows local users to change the permissions of arbitrary files, and consequently gain privileges, by blocking the removal of a certain directory that contains a control socket, related to improper interaction with ksm. Condición de carrera en backend/ctrl.c en KDM en KDE Software Compilation (SC) v2.2.0 hasta v4.4.2 permite a usuarios locales cambiar de ficheros a su elección, y consecuentemente obtener privelegios, bloqueando el borrado de varios directorios que contienen sockets de control, relacionado con la interacción inadecuada con ksm. • ftp://ftp.kde.org/pub/kde/security_patches/kdebase-workspace-4.3.5-CVE-2010-0436.diff http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039533.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2010-0348.html http://secunia.com/advisories/39419 http://secunia.com/advisories/39481 http://secunia.com/advisories/39506 http://www.debian.org/security/2010/dsa-2037 http://www.kde.org/info/security/ • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2008-5698 – Konqueror 3.5.9 - 'load' Remote Crash
https://notcve.org/view.php?id=CVE-2008-5698
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. HTMLTokenizer::scriptHandler en Konqueror de KDE v3.5.9 y v3.5.10, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una llamada no válida a document.load, esto lanza que se use un objeto eliminado. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/6718 http://secunia.com/advisories/32208 http://securityreason.com/securityalert/4796 http://www.securityfocus.com/bid/31696 http://www.vupen.com/english/advisories/2008/2915 https://exchange.xforce.ibmcloud.com/vulnerabilities/45804 • CWE-399: Resource Management Errors •