Total
34 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0411 | 1 Kde | 1 Konqueror | 2024-02-13 | 7.5 HIGH | N/A |
| The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. | |||||
| CVE-2009-4976 | 2 Kde, Urs Wolfer | 2 Konqueror, Kwebkitpart | 2023-12-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. | |||||
| CVE-2008-5712 | 1 Kde | 1 Konqueror | 2023-12-10 | 5.0 MEDIUM | N/A |
| The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514. | |||||
| CVE-2008-5698 | 1 Kde | 2 Kde, Konqueror | 2023-12-10 | 4.3 MEDIUM | N/A |
| HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2537 | 1 Kde | 1 Konqueror | 2023-12-10 | 4.3 MEDIUM | N/A |
| KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | |||||
| CVE-2008-4382 | 1 Kde | 1 Konqueror | 2023-12-10 | 5.0 MEDIUM | N/A |
| Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters. | |||||
| CVE-2007-6000 | 1 Kde | 1 Konqueror | 2023-12-10 | 5.0 MEDIUM | N/A |
| KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. | |||||
| CVE-2007-3820 | 1 Kde | 1 Konqueror | 2023-12-10 | 2.6 LOW | N/A |
| konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. | |||||
| CVE-2007-1308 | 1 Kde | 1 Konqueror | 2023-12-10 | 4.3 MEDIUM | N/A |
| ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. | |||||
| CVE-2007-3143 | 1 Kde | 1 Konqueror | 2023-12-10 | 6.4 MEDIUM | N/A |
| Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | |||||
| CVE-2007-1564 | 1 Kde | 1 Konqueror | 2023-12-10 | 6.8 MEDIUM | N/A |
| The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | |||||
| CVE-2007-1565 | 1 Kde | 1 Konqueror | 2023-12-10 | 7.8 HIGH | N/A |
| Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI. | |||||
| CVE-2007-4225 | 1 Kde | 1 Konqueror | 2023-12-10 | 6.8 MEDIUM | N/A |
| Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. | |||||
| CVE-2007-2164 | 1 Kde | 1 Konqueror | 2023-12-10 | 5.0 MEDIUM | N/A |
| Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. | |||||
| CVE-2007-6591 | 1 Kde | 1 Konqueror | 2023-12-10 | 4.3 MEDIUM | N/A |
| KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. | |||||
| CVE-2007-4229 | 1 Kde | 1 Konqueror | 2023-12-10 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-0537 | 1 Kde | 1 Konqueror | 2023-12-10 | 2.6 LOW | N/A |
| The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. | |||||
| CVE-2007-4224 | 1 Kde | 1 Konqueror | 2023-12-10 | 4.3 MEDIUM | N/A |
| KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. | |||||
| CVE-2004-1165 | 1 Kde | 2 Kdelibs, Konqueror | 2023-12-10 | 7.5 HIGH | N/A |
| Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | |||||
| CVE-2004-1158 | 3 Kde, Mandrakesoft, Redhat | 3 Konqueror, Mandrake Linux, Fedora Core | 2023-12-10 | 7.5 HIGH | N/A |
| Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||