Every CVE whose affected-product data names Kde Konqueror, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2007-1565 — CVSS 7.8 (high): Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp://…
CVE-2003-0592 — CVSS 7.5 (high): Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via…
CVE-2004-0411 — CVSS 7.5 (high): The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2)…
CVE-2004-1158 — CVSS 7.5 (high): Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from…
CVE-2002-1151 — CVSS 7.5 (high): The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames…
CVE-2004-1165 — CVSS 7.5 (high): Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a")…
CVE-2004-0721 — CVSS 7.5 (high): Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame…
CVE-2002-0970 — CVSS 7.5 (high): The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate…
CVE-2004-0746 — CVSS 7.5 (high): Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and…
CVE-2004-0866 — CVSS 7.5 (high): Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which…
CVE-2004-0867 — CVSS 7.5 (high): Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which…
CVE-2007-1564 — CVSS 6.8 (medium): The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied…
CVE-2007-4225 — CVSS 6.8 (medium): Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large…
CVE-2007-3143 — CVSS 6.4 (medium): Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks…
CVE-2005-4684 — CVSS 6.4 (medium): Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote…
CVE-2004-0870 — CVSS 5.0 (medium): KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL)…
CVE-2007-6000 — CVSS 5.0 (medium): KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a denial of service (crash) via large HTTP cookie parameters.
CVE-2004-0527 — CVSS 5.0 (medium): KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt"…
CVE-2008-4382 — CVSS 5.0 (medium): Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert…
CVE-2005-0237 — CVSS 5.0 (medium): The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode…
CVE-2008-5712 — CVSS 5.0 (medium): The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR…
CVE-2003-0459 — CVSS 5.0 (medium): KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the…
CVE-2007-2164 — CVSS 5.0 (medium): Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a…
CVE-2009-2537 — CVSS 4.3 (medium): KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property…
CVE-2003-1478 — CVSS 4.3 (medium): Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a "xFFxFE" byte…
CVE-2007-1308 — CVSS 4.3 (medium): ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash)…
CVE-2007-4224 — CVSS 4.3 (medium): KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the…
CVE-2007-4229 — CVSS 4.3 (medium): Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and…
CVE-2007-6591 — CVSS 4.3 (medium): KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards…
CVE-2008-5698 — CVSS 4.3 (medium): HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash)…
CVE-2006-3672 — CVSS 2.6 (low): KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method…
CVE-2007-0537 — CVSS 2.6 (low): The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct…
CVE-2007-3820 — CVSS 2.6 (low): konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with…