diff options
| author | Remko Lodder <remko@FreeBSD.org> | 2007-09-19 17:06:27 +0000 |
|---|---|---|
| committer | Remko Lodder <remko@FreeBSD.org> | 2007-09-19 17:06:27 +0000 |
| commit | 995f5c074d05537e8d2911e1e13d15b6d9ad031c (patch) | |
| tree | 20272778173f51e8a96d4fc6ccabe53f0697e191 /security/vuxml/vuln.xml | |
| parent | ce6cba427784f26a05811624e7bac0658bc770cb (diff) | |
| download | ports-995f5c074d05537e8d2911e1e13d15b6d9ad031c.tar.gz ports-995f5c074d05537e8d2911e1e13d15b6d9ad031c.zip | |
Notes
Diffstat (limited to 'security/vuxml/vuln.xml')
| -rw-r--r-- | security/vuxml/vuln.xml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 79d342c332b5..76606b77abf2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,71 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="14ad2a28-66d2-11dc-b25f-02e0185f8d72"> + <topic>konquerer -- address bar spoofing</topic> + <affects> + <package> + <name>kdebase3</name> + <range><lt>3.5.7_3</lt></range> + </package> + <package> + <name>kdelibs3</name> + <range><lt>3.5.7_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The KDE development team reports:</p> + <blockquote cite="http://www.kde.org/info/security/advisory-20070914-1.txt"> + <p>The Konqueror address bar is vulnerable to spoofing attacks + that are based on embedding white spaces in the url. In addition + the address bar could be tricked to show an URL which it is + intending to visit for a short amount of time instead of the + current URL.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-3820</cvename> + <cvename>CVE-2007-4224</cvename> + <cvename>CVE-2007-4225</cvename> + <url>http://www.kde.org/info/security/advisory-20070914-1.txt</url> + </references> + <dates> + <discovery>2007-09-14</discovery> + <entry>2007-09-19</entry> + </dates> + </vuln> + + <vuln vid="79b616d0-66d1-11dc-b25f-02e0185f8d72"> + <topic>kdm -- passwordless login vulnerability</topic> + <affects> + <package> + <name>kdebase3</name> + <range><lt>3.5.7_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The KDE development team reports:</p> + <blockquote cite="http://www.kde.org/info/security/advisory-20070919-1.txt"> + <p>KDM can be tricked into performing a password-less login + even for accounts with a password set under certain + circumstances, namely autologin to be configured and + "shutdown with password" enabled.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2007-4569</cvename> + <url>http://www.kde.org/info/security/advisory-20070919-1.txt</url> + </references> + <dates> + <discovery>2007-09-19</discovery> + <entry>2007-09-19</entry> + </dates> + </vuln> + <vuln vid="209f0d75-4b5c-11dc-a6cd-000fb5066b20"> <topic>flyspray -- authentication bypass</topic> <affects> |