Search CVE reports
1 – 10 of 35 results
Some fixes available 3 of 9
kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof...
2 affected packages
kde4libs, kdelibs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop.
3 affected packages
kde4libs, kdelibs, qt4-x11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
| qt4-x11 | — | — | — | — |
WebKit before r50173, as used in Google Chrome before 3.0.195.32, allows remote attackers to cause a denial of service (CPU consumption) via a web page that calls the JavaScript setInterval method, which triggers...
4 affected packages
kde4libs, kdelibs, qt4-x11, webkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
| qt4-x11 | — | — | — | — |
| webkit | — | — | — | — |
QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to...
4 affected packages
kde4libs, kdelibs, qt4-x11, webkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
| qt4-x11 | — | — | — | — |
| webkit | — | — | — | — |
Some fixes available 9 of 11
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...
2 affected packages
kde4libs, kdelibs
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive...
4 affected packages
webkit, kdelibs, kde4libs, qt4-x11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| webkit | — | — | — | — |
| kdelibs | — | — | — | — |
| kde4libs | — | — | — | — |
| qt4-x11 | — | — | — | — |
Some fixes available 12 of 22
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT...
8 affected packages
firefox, kde4libs, kdelibs, qt4-x11, seamonkey...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| firefox | — | — | — | — |
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
| qt4-x11 | — | — | — | — |
| seamonkey | — | — | — | — |
| webkit | — | — | — | — |
| xulrunner-1.9 | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — |
Some fixes available 4 of 21
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly...
4 affected packages
webkit, kde4libs, kdelibs, qt4-x11
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| webkit | — | — | — | — |
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
| qt4-x11 | — | — | — | — |
Some fixes available 13 of 16
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a...
4 affected packages
kde4libs, kdelibs, qt4-x11, webkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
| qt4-x11 | — | — | — | — |
| webkit | — | — | — | — |
Some fixes available 13 of 16
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to...
4 affected packages
kde4libs, kdelibs, qt4-x11, webkit
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| kde4libs | — | — | — | — |
| kdelibs | — | — | — | — |
| qt4-x11 | — | — | — | — |
| webkit | — | — | — | — |