Kdebase
by Red Hat
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-0459 | 0.00 | — | 0.03 | Aug 27, 2003 | KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | |||
| CVE-2003-0549 | 0.00 | — | 0.01 | Aug 27, 2003 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name. | |||
| CVE-2003-0547 | 0.00 | — | 0.00 | Aug 27, 2003 | GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file. | |||
| CVE-2003-0548 | 0.00 | — | 0.01 | Aug 27, 2003 | The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549. |
- CVE-2003-0459Aug 27, 2003risk 0.00cvss —epss 0.03
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
- CVE-2003-0549Aug 27, 2003risk 0.00cvss —epss 0.01
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.
- CVE-2003-0547Aug 27, 2003risk 0.00cvss —epss 0.00
GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.
- CVE-2003-0548Aug 27, 2003risk 0.00cvss —epss 0.01
The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.