CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1094 – kdelibs: SSL certificate for IP address accepted as valid for hosts that resolve to the IP
https://notcve.org/view.php?id=CVE-2011-1094
16 Mar 2011 — kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. kio/kio/tcpslavebase.cpp de KDE KSSL de kdelibs en versiones anteriores a la 4.6.1 no verifica apropiadamente que el nombre del servido... • http://openwall.com/lists/oss-security/2011/03/08/13 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 14%CPEs: 14EXPL: 0CVE-2006-4811
https://notcve.org/view.php?id=CVE-2006-4811
18 Oct 2006 — Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. El desbordamiento de enteros en el Qt 3.3 versiones anteriores a 3.3.7, 4.1 anteriores a 4.1.5, y 4.2 anteriores a 4.2.1, como el usado en la librería KDE khtml, kdelibs 3.1.3, y, posiblemente otros paquetes, permite a los ataca... • ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 33EXPL: 0CVE-2003-0459
https://notcve.org/view.php?id=CVE-2003-0459
01 Aug 2003 — KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. KDE Konqueror de KDE 3.1.2 y anteriores no elimina los credenciales de autenticación de URLs de la forma "usuario:contraseña@máquina" en la cabecera HTTP-Referer, lo que podría permitir a sitios web remotos robar las credenciales de páginas que enlazan a esos siti... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 •