VYPR

Konqueror Embedded

by KDE

CVEs (4)

  • CVE-2003-0592Apr 15, 2004
    risk 0.00cvss epss 0.04

    Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL…

  • CVE-2003-0459Aug 27, 2003
    risk 0.00cvss epss 0.03

    KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

  • CVE-2003-0370Jun 16, 2003
    risk 0.00cvss epss 0.02

    Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

  • CVE-2003-0355Jun 9, 2003
    risk 0.00cvss epss 0.01

    Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.