Kde

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-0690 1Kde 1Kde Apr 16, 2026 Sep 28, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
CVE-2004-0689 2Debian Kde 2Debian Linux Kde Apr 16, 2026 Sep 28, 2004 N/A· v4 7.1 HIGH· v3 4.6 MEDIUM· v2 KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
CVE-2004-0870 1Kde 1Konqueror Apr 16, 2026 Sep 16, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and cond...Show more KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."Show less
CVE-2004-0866 4Kde MicrosoftMozilla+1 more 5Firefox IeInternet Explorer+2 more Apr 16, 2026 Sep 16, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a us...Show more Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.Show less
CVE-2004-0527 1Kde 1Konqueror Apr 16, 2026 Aug 6, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points...Show more KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.Show less
CVE-2004-0721 1Kde 1Konqueror Apr 16, 2026 Jul 27, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attack...Show more Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.Show less
CVE-2004-0411 1Kde 1Konqueror Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the...Show more The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.Show less
CVE-2003-0592 1Kde 2Konqueror Konqueror Embedded Apr 16, 2026 Apr 15, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes...Show more Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.Show less
CVE-2003-0988 1Kde 1Kde Apr 16, 2026 Feb 17, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
CVE-2003-1478 1Kde 1Konqueror Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm.
CVE-2003-0692 1Kde 1Kde Apr 16, 2026 Oct 6, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user...Show more KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.Show less
CVE-2003-0690 1Kde 1Kde Apr 16, 2026 Oct 6, 2003 N/A· v4 N/A· v3 10.0 HIGH· v2 KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain...Show more KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module.Show less
CVE-2003-0459 2Kde Redhat 8Analog Real Time Synthesizer KdebaseKdelibs+5 more Apr 16, 2026 Aug 27, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pa...Show more KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.Show less
CVE-2003-0370 4Apple KdeRedhat+1 more 6Kde Konqueror EmbeddedLinux+3 more Apr 16, 2026 Jun 16, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVE-2003-0355 2Apple Kde 2Konqueror Embedded Safari Apr 16, 2026 Jun 9, 2003 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.
CVE-2003-0256 1Kde 1Kopete Apr 16, 2026 May 27, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
CVE-2003-0204 1Kde 1Kde Apr 16, 2026 May 5, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Gho...Show more KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer.Show less
CVE-2002-1393 1Kde 1Kde Apr 16, 2026 Jan 17, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filen...Show more Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.Show less
CVE-2002-2333 1Kde 1Kde Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes.
CVE-2002-1306 1Kde 1Kde Apr 16, 2026 Nov 29, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute...Show more Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KDE 3.x before 3.0.4, allow (1) local and possibly remote attackers to execute arbitrary code via the "lisa" daemon, and (2) remote attackers to execute arbitrary code via a certain "lan://" URL.Show less

Previous 1...6 789 10 Next