KDE 3.3.2

rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."

Published: 2012-11-11T11:00:00.000Z
Updated: 2024-08-06T20:35:09.931Z

backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors.

Published: 2007-09-21T18:00:00.000Z
Updated: 2024-08-07T15:01:09.954Z

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.

Published: 2007-01-09T00:00:00.000Z
Updated: 2024-08-07T12:03:37.070Z

KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users to read arbitrary files via a symlink attack related to the session type for login.

Published: 2006-06-15T10:00:00.000Z
Updated: 2024-08-07T17:51:04.699Z

Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

Published: 2006-01-20T21:00:00.000Z
Updated: 2024-08-07T16:18:20.752Z

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.

Published: 2005-09-06T04:00:00.000Z
Updated: 2024-08-07T22:30:00.960Z

langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.

Published: 2005-08-17T04:00:00.000Z
Updated: 2024-08-07T22:15:37.383Z

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.

Published: 2005-07-26T04:00:00.000Z
Updated: 2024-08-07T22:06:57.721Z

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Published: 2005-04-24T04:00:00.000Z
Updated: 2024-08-07T21:28:27.162Z

KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.

Published: 2005-04-13T04:00:00.000Z
Updated: 2024-08-07T21:13:54.229Z

Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.

Published: 2005-02-16T05:00:00.000Z
Updated: 2024-08-07T20:57:41.117Z

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Published: 2004-12-10T05:00:00.000Z
Updated: 2024-08-08T00:39:00.912Z

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

Published: 2004-12-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.871Z