Vulnerabilities > Redhat > Kdelibs > 2.1.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-03-16 | CVE-2011-1094 | Improper Input Validation vulnerability in Redhat Kdelibs kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a certificate issued by a legitimate Certification Authority for an IP address, a different vulnerability than CVE-2009-2702. | 4.3 |
| 2003-08-27 | CVE-2003-0459 | KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | 5.0 |