Home/Product/kde konqueror
Product

kde konqueror

34 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2009-2537
all versions
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length p
 CVE-2008-5712
all versions
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COL
 CVE-2008-5698
all versions
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (applicatio
 CVE-2008-4514
all versions
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag wit
 CVE-2008-4382
all versions
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the aler
 CVE-2007-6591
all versions
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field,
 CVE-2007-6000
<= 3.5.6
KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
 CVE-2007-4229
<= 3.5.7
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertio
 CVE-2007-4225
all versions
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a
 CVE-2007-4224
all versions
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing
 CVE-2007-3820
all versions
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI
 CVE-2007-3143
all versions
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing
 CVE-2007-2164
all versions
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that mat
 CVE-2007-1565
all versions
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an
 CVE-2007-1564
all versions
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform
 CVE-2007-1308
all versions
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service
 CVE-2007-0537
all versions
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers t
 CVE-2006-3672
<= 3.5.1
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChi
 CVE-2005-4684
all versions
Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allow
 CVE-2005-0237
all versions
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using pu
 CVE-2004-1165
all versions
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("
 CVE-2004-1158
all versions
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting conten
 CVE-2004-0867
all versions
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.u
 CVE-2004-0746
all versions
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.u
 CVE-2004-0870
all versions
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (H
 CVE-2004-0866
all versions
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.u
 CVE-2004-0527
all versions
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "a
 CVE-2004-0721
all versions
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a
 CVE-2004-0411
<= 3.2.2
The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telne
 CVE-2003-0592
all versions
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web applic
 CVE-2003-1478
all versions
Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE"
 CVE-2003-0459
all versions
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in t
 CVE-2002-1151
all versions
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on s
 CVE-2002-0970
all versions
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed cert
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin