| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. |
| klprfax_filter in KDE2 KDEUtils allows local users to overwrite arbitrary files via a symlink attack on the klprfax.filter temporary file. |
| KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
| KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." |
| Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. |
| Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long. |
| KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long -c (account_name) command line argument. |
| Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable. |
| KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server. |
| Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices. |
| Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file. |
| KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps. |
| Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows remote attackers to cause a denial of service (crash) via an IMG tag with large width and height attributes. |
| The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files. |
| Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. |
| Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file. |
| Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. |
| The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. |