| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:9334 | V | KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | 2013-04-29 |
| oval:org.mitre.oval:def:11281 | V | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 2013-04-29 |
| oval:org.mitre.oval:def:11371 | V | Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | 2013-04-29 |