Vulnerabilities > KDE > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-08-08 CVE-2007-4229 Denial of Service vulnerability in KDE Konqueror Assert
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags.
Attack vector: network
Vendor: kde
Risk: 4.3
2007-08-08 CVE-2007-4225 Remote Security vulnerability in KDE Konqueror 3.5.7
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
Attack vector: network
Vendor: kde
Risk: 6.8
2007-08-08 CVE-2007-4224 Link Following vulnerability in KDE Konqueror 3.5.7
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
Attack vector: network
Vendor: kde
CWE: CWE-59
Risk: 4.3
2007-06-11 CVE-2007-3143 Authentication Server Domain Spoofing vulnerability in KDE Konqueror 3.5.5
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
Attack vector: network
Attack complexity: low
Vendor: kde
Risk: 6.4
2007-04-22 CVE-2007-2164 Denial-Of-Service vulnerability in KDE Konqueror 3.5.5
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
Attack vector: network
Attack complexity: low
Vendor: kde
Risk: 5.0
2007-03-21 CVE-2007-1564 Information Exposure vulnerability in KDE Konqueror 3.5.5
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
Attack vector: network
Vendor: kde
CWE: CWE-200
Risk: 6.8
2007-03-07 CVE-2007-1308 Resource Management Errors vulnerability in KDE Konqueror 3.5.5
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
Attack vector: network
Vendor: kde
CWE: CWE-399
Risk: 4.3
2007-01-09 CVE-2007-0104 Improper Input Validation vulnerability in multiple products
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
Attack vector: network
Vendors: xpdf, kde
CWE: CWE-20
Risk: 6.8
2006-12-29 CVE-2006-6811 Reachable Assertion vulnerability in multiple products
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference.
Attack vector: network
Attack complexity: low
Vendors: kde, canonical
CWE: CWE-617
Risk: 6.5
2006-12-20 CVE-2006-6660 Denial Of Service vulnerability in KDE LibkHTML NodeType Function
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
Attack vector: network
Vendor: kde
Risk: 4.3