Page 10 of 52 results (0.011 seconds)

CVSS: 6.8EPSS: 14%CPEs: 1EXPL: 0

Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. Múltiples vulnerabilidades de formato de cadena en (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, y (7) qsvgdevice.cpp en QTextEdit de Trolltech Qt 3 versiones anteriores a 3.3.8 20070727 permiten a atacantes remotos ejecutar código de su elección mediante especificadores de formato de cadena, en texto utilizado para componer mensajes de error. • ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc http://bugs.gentoo.org/show_bug.cgi?id=185446 http://dist.trolltech.com/developer/download/170529.diff http://fedoranews.org/updates/FEDORA-2007-221.shtml http://fedoranews.org/updates/FEDORA-2007-703.shtml http://secunia.com/advisories/24460 http://secunia.com/advisories/26264 http://secunia.com/advisories/26284 http://secunia.com/advisories/26291 http://secunia.com/advisories/26295 http://secunia.com& •

CVSS: 4.3EPSS: 3%CPEs: 2EXPL: 0

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. El decodificador de UTF-8 en el codecs/qutfcodec.cpp del Qt 3.3.8 y 4.2.3 no rechaza secuencias largas de UTF-8 como lo solicitado por el estándar, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) y de escalado de directorios mediante secuencias largas que decodifican metacaracteres peligrosos. • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc http://fedoranews.org/updates/FEDORA-2007-703.shtml http://rhn.redhat.com/errata/RHSA-2011-1324.html http://secunia.com/advisories/24699 http://secunia.com/advisories/24705 http://secunia.com/advisories/24726 http://secunia.com/advisories/24727 http://secunia.com/advisories/24759 http://secunia.com/advisories/24797 http://secunia.com/advisories/24847 http://secunia.com/advisories/24889 http://secuni •

CVSS: 6.8EPSS: 11%CPEs: 14EXPL: 0

Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. El desbordamiento de enteros en el Qt 3.3 versiones anteriores a 3.3.7, 4.1 anteriores a 4.1.5, y 4.2 anteriores a 4.2.1, como el usado en la librería KDE khtml, kdelibs 3.1.3, y, posiblemente otros paquetes, permite a los atacantes remotos causar la denegación de servicio (caída) y la posibilidad de ejecutar código de su elección mediante una imagen pixmap manipulada. • ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210742 http://lists.suse.com/archive/suse-security-announce/2006-Oct/0006.html http://secunia.com/advisories/22380 http://secunia.com/advisories/22397 http://secunia.com/advisories/22479 http://secunia.com/advisories/22485 http://secunia.com/advisories/22492 http://secunia.com/advisories/2 • CWE-189: Numeric Errors •

CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0

Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. • http://bugs.gentoo.org/show_bug.cgi?id=75181 http://www.gentoo.org/security/en/glsa/glsa-200503-01.xml http://www.securityfocus.com/bid/12695 •

CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 0

The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. El procesador XPM en la librería QT (qt3) en versiónes anteriores a 3.3.3 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un fichero de imagen malformado que dispara una desreferencia nula, una vulnerabilidad distinta de CAN-2004-0693. • http://marc.info/?l=bugtraq&m=110979666528890&w=2 http://security.gentoo.org/glsa/glsa-200408-20.xml http://sunsolve.sun.com/search/document.do?assetkey=1-66-201610-1 http://www.debian.org/security/2004/dsa-542 http://www.mandriva.com/security/advisories?name=MDKSA-2004:085 http://www.novell.com/linux/security/advisories/2004_27_qt3.html http://www.redhat.com/support/errata/RHSA-2004-414.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17041 https://oval.cisecur •