Lucene search
K
KdeKonqueror

33 matches found

CVE
CVE
added 2004/09/01 4:0 a.m.94 views

CVE-2002-0970

Technical details about CVE-2002-0970 (affected software, affected component, exploit vectors, or fixes) are not provided in the connected documents. Monitor for updates from vendors and security advisories.

7.5CVSS6.1AI score0.02838EPSS
CVE
CVE
added 2004/05/20 4:0 a.m.94 views

CVE-2004-0411

CVE-2004-0411 describes improper filtering of leading '-' characters in hostname fields within telnet, rlogin, ssh, and mailto URI handlers in KDE/KDelibs up to version prior to 3.2.2 (and earlier). The vulnerability allows remote attackers to influence the options passed to the invoked programs,...

7.5CVSS7AI score0.07778EPSS
CVE
CVE
added 2004/09/24 4:0 a.m.84 views

CVE-2004-0867

CVE-2004-0867 affects Mozilla Firefox 0.9.2 by allowing websites to set cookies for country-specific top‑level domains (e.g., .ltd.uk, .plc.uk, .sch.uk), which could enable a session‑fixation attack and session hijack. The note indicates 2.x may also be affected. Technical details in the provided...

7.5CVSS6.9AI score0.17183EPSS
CVE
CVE
added 2004/07/23 4:0 a.m.79 views

CVE-2004-0721

CVE-2004-0721 affects Konqueror 3.1.3, 3.2.2 (and possibly other versions) where a frame in one domain can inject content into a frame in another domain, enabling web site spoofing and related attacks. The vulnerability stems from insufficient cross-domain frame isolation, as described in KDE/SUS...

7.5CVSS6.8AI score0.01619EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.78 views

CVE-2005-0237

The CVE-2005-0237 issue affects Konqueror 3.2.1 (KDE 3.2.1): IDN support allows spoofing of domain names using punycode/homograph characters in URLs and SSL certificates, enabling phishing. Mitigation is to install the KDE/kdelibs3 security updates referenced by multiple advisories (e.g., SUSE-SA...

5CVSS6.2AI score0.01634EPSS
CVE
CVE
added 2004/12/10 5:0 a.m.77 views

CVE-2004-1165

CVE-2004-1165 affects Konqueror 3.3.1, where a crafted ftp:// URL containing a URL-encoded newline (%0a) can inject FTP commands (e.g., PORT) into the session. Exploitation would occur via remote interaction with the FTP handling code within Konqueror. Public advisories reference kdelibs/kdebase ...

7.5CVSS7.2AI score0.04437EPSS
CVE
CVE
added 2007/03/07 12:0 a.m.77 views

CVE-2007-1308

CVE-2007-1308 affects KDE Konqueror's JavaScript engine (KJS) in KDE 3.5.5, allowing a remote user to cause a denial of service (crash) by loading an iframe with an ftp:// URI in the src attribute (NULL pointer dereference). Concrete details and affected components are documented in connected adv...

4.3CVSS6.1AI score0.08185EPSS
CVE
CVE
added 2004/03/16 5:0 a.m.76 views

CVE-2003-0592

CVE-2003-0592 affects KDE’s kdelibs (Konqueror) up to version 3.1.3. The flaw lets remote attackers bypass cookie-path restrictions by using encoded relative path components (e.g., /.. or %2e%2e) in a URL, causing cookies to be sent to a path outside the intended subset and potentially to another...

7.5CVSS6.4AI score0.04409EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.76 views

CVE-2004-0866

CVE-2004-0866 involves Internet Explorer 6.0. The vulnerability allows websites to set cookies for country‑specific top‑level domains (e.g., .ltd.uk, .plc.uk, .sch.uk), which could enable a remote attacker to perform a session fixation attack and hijack a user’s HTTP session. The provided documen...

7.5CVSS6.9AI score0.10075EPSS
CVE
CVE
added 2007/01/29 4:0 p.m.75 views

CVE-2007-0537

CVE-2007-0537 affects KDE kdelibs (used by Konqueror 3.5.5); the vulnerability arises from improper parsing of HTML comments, enabling remote XSS and bypassing some protections by embedding certain tags within a comment in a title tag. Documented in multiple advisories (Mandrake/MDKSA, RHSA, Open...

2.6CVSS5.1AI score0.01796EPSS
CVE
CVE
added 2007/04/22 7:0 p.m.73 views

CVE-2007-2164

CVE-2007-2164 affects Konqueror 3.5.5 (release 45.4). The issue is a denial of service caused by JavaScript that matches a regex against a long string, demonstrated with /(.)*/. The vulnerability arises in the browser’s handling of such regex patterns, potentially leading to a crash or abort. Con...

5CVSS6.7AI score0.0142EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.72 views

CVE-2002-1151

CVE-2002-1151 affects Konqueror in KDE 2.2.2 and 3.0–3.0.3, where Konqueror’s cross-site scripting protection fails to correctly initialize domains on sub-frames/sub-iframes. This can allow remote attackers to run script and steal cookies from subframes that are in other domains. The issue is tie...

7.5CVSS6.1AI score0.03586EPSS
CVE
CVE
added 2004/12/10 5:0 a.m.72 views

CVE-2004-1158

CVE-2004-1158 affects Konqueror 3.x up to 3.2.2-6 (and possibly other versions). The vulnerability, described as a window-injection issue, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab that resides in a different domain, demo...

7.5CVSS6.4AI score0.0272EPSS
CVE
CVE
added 2007/12/28 9:0 p.m.72 views

CVE-2007-6591

CVE-2007-6591 affects KDE Konqueror 3.5.5 and 3.95.00. When a user accepts an SSL certificate based on the CN in the DN, Konqueror also treats it as valid for all names in subjectAltName:dNSName, even though SANs cannot be examined in the product. This enables attackers to trick users into accept...

4.3CVSS6.5AI score0.00822EPSS
CVE
CVE
added 2009/07/20 6:0 p.m.72 views

CVE-2009-2537

CVE-2009-2537 describes a denial of service in KDE Konqueror caused by processing a very large integer for the length property of a Select element. The issue is tied to the WebKit/KHTML stack used by Konqueror and results in memory exhaustion on remote providers. Connected advisories (e.g., Mandr...

4.3CVSS5.6AI score0.03186EPSS
CVE
CVE
added 2004/09/14 4:0 a.m.70 views

CVE-2004-0746

CVE-2004-0746 affects Konqueror in KDE 3.2.3 and earlier. The issue allows a remote attacker to cause a web site to set cookies for country-specific top‑level domains (for example .ltd.uk, .plc.uk, .firm.in), enabling a session fixation attack and potential HTTP session hijacking. Connected docum...

7.5CVSS6.7AI score0.0189EPSS
CVE
CVE
added 2007/08/08 9:0 p.m.70 views

CVE-2007-4224

CVE-2007-4224 affects KDE Konqueror 3.5.7, describing a remote-address-bar spoof in which an attacker can spoof the URL by calling setInterval with a short interval and changing window.location. The vulnerability targets Konqueror’s handling of the address bar and is documented alongside related ...

4.3CVSS6.1AI score0.01831EPSS
CVE
CVE
added 2007/08/08 9:0 p.m.70 views

CVE-2007-4225

CVE-2007-4225 affects KDE Konqueror 3.5.7. It is a visual truncation vulnerability that lets remote attackers spoof the URL address bar using an http URI with excessive whitespace in the user/password portion. CVSS data indicates network access, no authentication, and partial impact on confidenti...

6.8CVSS6AI score0.01959EPSS
CVE
CVE
added 2007/06/11 6:0 p.m.69 views

CVE-2007-3143

CVE-2007-3143 affects Konqueror 3.5.5. The issue is a visual truncation vulnerability in the address bar: when a long hostname is shown, it is truncated, which can allow remote attackers to spoof the URL and potentially conduct phishing attacks (notably demonstrated via HTTP Basic Authentication)...

6.4CVSS6.6AI score0.01987EPSS
CVE
CVE
added 2003/08/01 4:0 a.m.67 views

CVE-2003-0459

CVE-2003-0459 affects KDE Konqueror up to version 3.1.2, where credentials in URLs of the form user:password@host in the HTTP-Referer header are not removed. This may allow remote websites to steal user credentials for pages that link to them. The issue is a Kotlin? (not applicable) credential le...

5CVSS6.5AI score0.02899EPSS
CVE
CVE
added 2007/07/17 1:0 a.m.64 views

CVE-2007-3820

CVE-2007-3820 affects Konqueror (Konqueror 3.5.7) via konq_combo.cc: remote attacker can spoof the data: URI in the address bar by sending a long URI with trailing whitespace, causing the start of the URI to be hidden. This is a Konqueror/address-bar spoofing flaw. Public advisories exist (e.g., ...

2.6CVSS6AI score0.02562EPSS
CVE
CVE
added 2008/12/24 5:0 p.m.64 views

CVE-2008-5712

The CVE-2008-5712 issue affects KDE Konqueror 3.5.9 where the HTML parser can trigger a denial of service (application crash) by parsing overly long attributes: (1) COLOR in HR, and (2) BGCOLOR or BORDERCOLOR in TABLE, TD, or TR elements. The FONT vector is noted as covered by CVE-2008-4514. Root...

5CVSS6.4AI score0.03802EPSS
CVE
CVE
added 2007/03/21 7:0 p.m.63 views

CVE-2007-1565

CVE-2007-1565 affects Konqueror 3.5.5. The vulnerability occurs when JavaScript can read a child iframe with an ftp:// URI, allowing remote attackers to cause a denial of service (crash). Affected component is Konqueror’s handling of iframes/JavaScript; root cause is improper handling of FTP-rela...

7.8CVSS6.4AI score0.0126EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.62 views

CVE-2004-0870

CVE-2004-0870 affects KDE Konqueror. The issue: cookies set over HTTP can be seen on HTTPS within the same domain, enabling potential cookie theft and unauthorized activity (Cross Security Boundary Cookie Injection). The core cause is insecure-channel cookies being presented on secure channels fo...

5CVSS6.6AI score0.01457EPSS
CVE
CVE
added 2006/02/01 2:0 a.m.60 views

CVE-2005-4684

The vulnerability CVE-2005-4684 affects Konqueror and is caused by the DNS resolver handling a non-root domain in its search list, enabling a cookie to be associated with multiple domains or an attacker to steal cookies for an expanded hostname. The evidence in connected documents confirms the is...

6.4CVSS6.6AI score0.01376EPSS
CVE
CVE
added 2007/08/08 10:0 p.m.60 views

CVE-2007-4229

CVE-2007-4229 affects KDE Konqueror 3.5.7 and earlier. The vulnerability allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, demonstrated by documents containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. Root cause ...

4.3CVSS6.5AI score0.02184EPSS
CVE
CVE
added 2008/12/22 3:0 p.m.60 views

CVE-2008-5698

CVE-2008-5698 affects Konqueror (KDE 3.5.9 and 3.5.10). The vulnerability is described as a denial of service caused by an invalid document.load call that triggers use of a deleted object in HTMLTokenizer::scriptHandler. The issue is a remote-triggered crash and is linked to the use of a deleted ...

4.3CVSS6.6AI score0.03494EPSS
CVE
CVE
added 2004/06/08 4:0 a.m.58 views

CVE-2004-0527

CVE-2004-0527 affects KDE Konqueror 2.1.1 and 2.2.2. The issue allows remote attackers to spoof a legitimate URL in the status bar by using A HREF tags with modified alt values that point to the legitimate site, combined with an image map whose href points to the malicious site, enabling a phishi...

5CVSS7AI score0.05762EPSS
CVE
CVE
added 2008/10/02 6:0 p.m.57 views

CVE-2008-4382

Affected software: Konqueror in KDE 3.5.9. The vulnerability is triggered by JavaScript calling alert() with a URL-encoded string containing a large number of invalid characters, leading to an application crash (DoS). The supplied documents do not provide a specific patch/version for remediation....

5CVSS6.6AI score0.01105EPSS
CVE
CVE
added 2006/07/18 1:0 a.m.56 views

CVE-2006-3672

The CVE-2006-3672 issue affects KDE Konqueror 3.5.1 and earlier, where a remote attacker can cause a denial of service (application crash) by invoking replaceChild on a DOM object, triggering a null dereference (demonstrated by document.replaceChild with a 0 argument). Affected products are KDE K...

2.6CVSS6.5AI score0.06743EPSS
CVE
CVE
added 2007/03/21 7:0 p.m.54 views

CVE-2007-1564

CVE-2007-1564 concerns Konqueror 3.5.5’s FTP protocol handling. The vulnerability arises when a remote FTP server supplies an overly crafted PASV response, which can force the Konqueror client to connect to arbitrary servers. This behavior could enable a nearby attacker to perform a proxied port-...

6.8CVSS5.8AI score0.03778EPSS
CVE
CVE
added 2007/10/24 11:0 p.m.49 views

CVE-2003-1478

CVE-2003-1478 affects Konqueror in KDE 3.0.3. A crafted web page that starts with a 0xFF 0xFE byte sequence and many CRLFs can trigger a denial of service (core dump). Documented example uses freeze.htm. The sources note the vulnerability and impact but do not provide patch/version details or exp...

4.3CVSS7AI score0.04211EPSS
CVE
CVE
added 2007/11/15 10:0 p.m.47 views

CVE-2007-6000

CVE-2007-6000 affects KDE Konqueror up to version 3.5.6, allowing remote attackers to trigger a denial of service (crash) by sending large HTTP cookie parameters. Affected software: Konqueror (KDE desktop) prior to 3.5.7(?) with reliance on cookie handling. Root cause details are not extensively ...

5CVSS6.7AI score0.03338EPSS