Lucene search

Kdebase Security Vulnerabilities - July

cve

CVE-2003-0459

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

6.5AI Score

0.005EPSS

2003-08-27 04:00 AM

cve

CVE-2003-0547

GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

6.2AI Score

0.0004EPSS

2003-08-27 04:00 AM

cve

CVE-2003-0548

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

6.5AI Score

0.004EPSS

2003-08-27 04:00 AM

cve

CVE-2003-0549

The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

6.4AI Score

0.004EPSS

2003-08-27 04:00 AM