Vulnerabilities (CVE)

Filtered by vendor Kde Subscribe
Filtered by product Konqueror
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4976 2 Kde, Urs Wolfer 2 Konqueror, Kwebkitpart 2024-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
CVE-2009-2537 1 Kde 1 Konqueror 2024-02-28 4.3 MEDIUM N/A
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
CVE-2008-5712 1 Kde 1 Konqueror 2024-02-28 5.0 MEDIUM N/A
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-4514.
CVE-2008-4382 1 Kde 1 Konqueror 2024-02-28 5.0 MEDIUM N/A
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
CVE-2008-5698 1 Kde 2 Kde, Konqueror 2024-02-28 4.3 MEDIUM N/A
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
CVE-2007-3820 1 Kde 1 Konqueror 2024-02-28 2.6 LOW N/A
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
CVE-2007-1564 1 Kde 1 Konqueror 2024-02-28 6.8 MEDIUM N/A
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVE-2007-4229 1 Kde 1 Konqueror 2024-02-28 4.3 MEDIUM N/A
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3143 1 Kde 1 Konqueror 2024-02-28 6.4 MEDIUM N/A
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
CVE-2007-6591 1 Kde 1 Konqueror 2024-02-28 4.3 MEDIUM N/A
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
CVE-2007-2164 1 Kde 1 Konqueror 2024-02-28 5.0 MEDIUM N/A
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVE-2007-6000 1 Kde 1 Konqueror 2024-02-28 5.0 MEDIUM N/A
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
CVE-2007-0537 1 Kde 1 Konqueror 2024-02-28 2.6 LOW N/A
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
CVE-2007-1308 1 Kde 1 Konqueror 2024-02-28 4.3 MEDIUM N/A
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
CVE-2007-4224 1 Kde 1 Konqueror 2024-02-28 4.3 MEDIUM N/A
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
CVE-2007-1565 1 Kde 1 Konqueror 2024-02-28 7.8 HIGH N/A
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
CVE-2007-4225 1 Kde 1 Konqueror 2024-02-28 6.8 MEDIUM N/A
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
CVE-2004-1165 1 Kde 2 Kdelibs, Konqueror 2024-02-28 7.5 HIGH N/A
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
CVE-2006-3672 1 Kde 1 Konqueror 2024-02-28 2.6 LOW N/A
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument.
CVE-2004-1158 3 Kde, Mandrakesoft, Redhat 3 Konqueror, Mandrake Linux, Fedora Core 2024-02-28 7.5 HIGH N/A
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.