
cpe:2.3:a:kde:konqueror:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Kde (d8ba08cf-7ec1-5504-a5b9-f8cfa50ca850)
Product: Konqueror (4f2f5ab6-c769-5e47-9418-f0068486a5d8)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

| PURL | Source | Last updated |
| --- | --- | --- |
| pkg:deb/debian/konqueror | purl2cpe | 2026-06-01 10:14:04.900481 |
| pkg:deb/ubuntu/konqueror | purl2cpe | 2026-06-01 10:14:04.900482 |
| pkg:github/kde/konqueror | purl2cpe | 2026-06-01 10:14:04.900484 |
| pkg:rpm/fedora/konqueror | purl2cpe | 2026-06-01 10:14:04.900485 |
| pkg:rpm/opensuse/konqueror | purl2cpe | 2026-06-01 10:14:04.900486 |

Vulnerability references

| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
| --- | --- | --- | --- | --- |
| CVE:CVE-2012-4512 | vulnerable | 2026-06-03 14:32:19.282798 | The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion." Published: 2020-02-08T18:09:56.000Z. Updated: 2024-08-06T20:35:09.972Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2009-4976 | not_vulnerable | 2026-06-03 14:29:59.807288 | Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536. Published: 2010-08-02T20:00:00.000Z. Updated: 2024-08-07T07:24:53.689Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2009-2537 | vulnerable | 2026-06-03 14:29:41.756901 | KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Published: 2009-07-20T18:00:00.000Z. Updated: 2024-08-07T05:52:15.290Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2008-5698 | vulnerable | 2026-06-03 14:29:10.659711 | HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information. Published: 2008-12-22T15:00:00.000Z. Updated: 2024-08-07T11:04:44.062Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2007-6000 | vulnerable | 2026-06-03 14:28:28.309308 | KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters. Published: 2007-11-15T22:00:00.000Z. Updated: 2024-08-07T15:47:00.640Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2007-4229 | vulnerable | 2026-06-03 14:28:18.081400 | Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2007-08-08T22:00:00.000Z. Updated: 2024-08-07T14:46:39.406Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2006-3672 | vulnerable | 2026-06-03 14:27:35.654247 | KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. Published: 2006-07-18T01:00:00.000Z. Updated: 2024-08-07T18:39:53.579Z. | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2004-0411 | vulnerable | 2026-06-03 14:26:35.438859 | The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code. Published: 2004-05-20T04:00:00.000Z. Updated: 2024-08-08T00:17:14.648Z. | Imported from gcve-enriched-dumps CVE data |
