CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 1CVE-2018-21035 – qt5-qtwebsockets: websocket implementation allows only limited size for frames and messages therefore attacker can cause DOS
https://notcve.org/view.php?id=CVE-2018-21035
28 Feb 2020 — In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier for attackers to cause a denial of service (memory consumption). En Qt versiones hasta 5.14.1, la implementación de WebSocket acepta hasta 2GB para tramas y 2GB para mensajes. Los límites más pequeños no pueden ser configurados. • https://bugreports.qt.io/browse/QTBUG-70693 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 1CVE-2020-0570 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0570
04 Feb 2020 — Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5.9.10 may allow an authenticated user to potentially enable elevation of privilege via local access. Una ruta de búsqueda no controlada en QT Library versiones anteriores a 5.14.0, 5.12.7 y 5.9.10, puede permitir a un usuario autenticado habilitar potencialmente una elevación de privilegios por medio un acceso local It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a ... • https://bugreports.qt.io/browse/QTBUG-81272 • CWE-73: External Control of File Name or Path CWE-426: Untrusted Search Path •
CVSS: 7.3EPSS: 0%CPEs: 30EXPL: 0CVE-2020-0569 – qt: files placed by attacker can influence the working directory and lead to malicious code execution
https://notcve.org/view.php?id=CVE-2020-0569
04 Feb 2020 — Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access. Una escritura fuera de límites en los productos Intel® PROSet/Wireless WiFi en Windows 10 puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio de un acceso local It was discovered that Qt incorrectly handled certain PPM images. If a user or automated system were tricked into opening a specia... • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00338.html • CWE-73: External Control of File Name or Path CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-9541 – qt: XML entity expansion vulnerability
https://notcve.org/view.php?id=CVE-2015-9541
24 Jan 2020 — Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. Qt versiones hasta 5.14, permite un ataque de expansión de entidad XML exponencial por medio de un documento SVG diseñado que es manejado inapropiadamente en la función QXmlStreamReader, un problema relacionado con el CVE-2003-1564. An XML Entity Expansion flaw was found in the QT library. Applications that use QT to load untrusted images, for... • https://bugreports.qt.io/browse/QTBUG-47417 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 1CVE-2018-19872 – qt: Malformed PPM image causing division by zero and crash in qppmhandler.cpp
https://notcve.org/view.php?id=CVE-2018-19872
15 Mar 2019 — An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. Se ha descubierto un problema en Qt 5.11. Una imagen PPM mal formada provoca una división entre cero y un cierre inesperado en qppmhandler.cpp. It was discovered that Qt incorrectly handled certain PPM images. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19869 – qt5-qtsvg: Invalid parsing of malformed url reference resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-19869
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen SVG mal formada provoca un fallo de segmentación en qsvghandler.cpp. It was discovered that QtSvg incorrectly handled certain malformed SVG images. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00008.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 4EXPL: 0CVE-2018-15518 – qt5-qtbase: Double free in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2018-15518
26 Dec 2018 — QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberación (double free) o una corrupción durante el análisis de un documento XML ilegal especialmente manipulado. It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of serv... • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19871 – qt5-qtimageformats: QTgaFile CPU exhaustion
https://notcve.org/view.php?id=CVE-2018-19871
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile. The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface applications for the X Window System. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-19870 – qt5-qtbase: QImage allocation failure in qgifhandler
https://notcve.org/view.php?id=CVE-2018-19870
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen GIF mal formada provoca una desreferencia de puntero NULL en QGifHandler, lo que resulta en un fallo de segmentación. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-19873 – qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
https://notcve.org/view.php?id=CVE-2018-19873
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de búfer mediante datos BMP. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •