CVE-2012-4514 – Konqueror 4.7.3 - Memory Corruption
https://notcve.org/view.php?id=CVE-2012-4514
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part." rendering/render_replaced.cpp en Konqueror en KDE antes de v4.9.3 permite a atacantes remotos provocar una denegación de servicio (desreferencia puntero NULL) a través de una página web modificada, relacionado con "tratar de volver a utilizar un marco con una parte nula". Konqueror version 4.7.3 suffers from a number of memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/22406 http://archives.neohapsis.com/archives/bugtraq/2012-11/0005.html http://quickgit.kde.org/index.php?p=kdelibs.git&a=commitdiff&h=65464349951e0df9b5d80c2eb3cc7458d54923ae http://www.nth-dimension.org.uk/pub/NDSA20121010.txt.asc http://www.openwall.com/lists/oss-security/2012/10/11/11 http://www.openwall.com/lists/oss-security/2012/10/30/6 https://bugs.kde.org/show_bug.cgi?id=271528 •
CVE-2008-5698 – Konqueror 3.5.9 - 'load' Remote Crash
https://notcve.org/view.php?id=CVE-2008-5698
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. HTMLTokenizer::scriptHandler en Konqueror de KDE v3.5.9 y v3.5.10, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una llamada no válida a document.load, esto lanza que se use un objeto eliminado. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/6718 http://secunia.com/advisories/32208 http://securityreason.com/securityalert/4796 http://www.securityfocus.com/bid/31696 http://www.vupen.com/english/advisories/2008/2915 https://exchange.xforce.ibmcloud.com/vulnerabilities/45804 • CWE-399: Resource Management Errors •
CVE-2008-1671
https://notcve.org/view.php?id=CVE-2008-1671
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to send SIGUSR1 signals to other processes. start_kdeinit en KDE de 3.5.5 a 3.5.9, cuando está instalado setuid root, permite a usuarios locales provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante "una entrada influenciable por el usuario" (probablemente argumentos en línea de comandos) que provocan que start_kdeinit envíe señales SIGUSR1 a otros procesos. • ftp://ftp.kde.org/pub/kde/security_patches/post-kde-3.5.5-kinit.diff http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29951 http://secunia.com/advisories/29977 http://secunia.com/advisories/30113 http://security.gentoo.org/glsa/glsa-200804-30.xml http://www.kde.org/info/security/advisory-20080426-2.txt http://www.mandriva.com/security/advisories?name=MDVSA-2008:097 http://www.securityfocus.com/bid/28938 http:// • CWE-16: Configuration •