cvebase

KDE Konqueror vulnerabilities

32 known vulnerabilities affecting kde/konqueror.

Total CVEs: 32
CISA KEV: 0
Public exploits: 10
Exploited in wild: 0
Severity breakdown: HIGH 12, MEDIUM 17, LOW 3

Vulnerabilities

Page 2 of 2
CVE-2004-0721 | P4 | HIGH | CVSS 7.5 | v3.1.3, v3.2.2 | 2004-07-27
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
nvd
CVE-2002-1151 | P4 | HIGH | CVSS 7.5 | v2.2.2, v3.0, +3 more | 2002-10-11
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
nvd
CVE-2003-0459 | P4 | MEDIUM | CVSS 5.0 | v2.1.1, v2.2.2, +8 more | 2003-08-27
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
nvd
CVE-2005-4684 | P4 | MEDIUM | CVSS 6.4 | v0.1, v2.1.1, +21 more | 2005-12-31
Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates
nvd
CVE-2005-0237 | P4 | MEDIUM | CVSS 5.0 | v3.2.1 | 2005-05-02
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
nvd
CVE-2007-4224 | P4 | MEDIUM | CWE-59 | CVSS 4.3 | v3.5.7 | 2007-08-08
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
nvd
CVE-2004-0870 | P4 | MEDIUM | CVSS 5.0 | v2.1.1, v2.1.2, +16 more | 2004-09-16
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
nvd
CVE-2007-2164 | P4 | MEDIUM | CVSS 5.0 | v3.5.5 | 2007-04-22
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
nvd
CVE-2007-6591 | P4 | MEDIUM | CVSS 4.3 | v3.5.5, v3.95.00 | 2007-12-28
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting
nvd
CVE-2008-4382 | P4 | MEDIUM | CWE-399 | CVSS 5.0 | v3.5.9 | 2008-10-02
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
nvd
CVE-2007-3820 | P4 | LOW | CVSS 2.6 | v3.5.7 | 2007-07-17
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
nvd
CVE-2007-0537 | P4 | LOW | CVSS 2.6 | v3.5.5 | 2007-01-29
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
nvd