CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 0CVE-2015-1858 – Gentoo Linux Security Advisory 201603-10
https://notcve.org/view.php?id=CVE-2015-1858
22 Apr 2015 — Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. Múltiples desbordamientos del buffer en gui/image/qbmphandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servicio (fallo de segmentación y ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 0CVE-2015-1859 – Gentoo Linux Security Advisory 201603-10
https://notcve.org/view.php?id=CVE-2015-1859
22 Apr 2015 — Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. Múltiples desbordamientos de buffer en plugins/imageformats/ico/qicohandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servi... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 12EXPL: 0CVE-2015-1860 – Gentoo Linux Security Advisory 201603-10
https://notcve.org/view.php?id=CVE-2015-1860
22 Apr 2015 — Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. Múltiples desbordamientos de buffer en gui/image/qgifhandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servicio (fallo de segmentación) y posiblemen... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 4%CPEs: 5EXPL: 0CVE-2015-0295 – Slackware Security Advisory - qt Updates
https://notcve.org/view.php?id=CVE-2015-0295
25 Mar 2015 — The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. El decodificador BMP en QtGui en QT anterior a 5.5 no calcula correctamente las mascaras utilizadas para extraer los componentes de color, lo que permite a atacantes remotos causar una denegación de servicio (dividir por cero y caída) a través de un fichero BMP manipulado. Wolfgang S... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-0190 – Gentoo Linux Security Advisory 201412-25
https://notcve.org/view.php?id=CVE-2014-0190
08 May 2014 — The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. El decodificador GIF en QtGui en Qt anterior a 5.3 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de valores de ancho y alto inválidos en un imagen GIF. Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 0CVE-2013-4549 – Ubuntu Security Notice USN-2057-1
https://notcve.org/view.php?id=CVE-2013-4549
18 Dec 2013 — QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegación de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE). It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume la... • http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 64EXPL: 0CVE-2012-5624
https://notcve.org/view.php?id=CVE-2012-5624
24 Feb 2013 — The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application. El objeto XMLHttpRequest en Qt anterior a v4.8.4 permite la redirección http al fichero scheme, lo que permite llevar a atacantes de hombre-en-medio (man-in-the-middle) forzar la lectura de ficheros locales arbitrarios y posiblemente obtener información sens... • http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2012-6093
https://notcve.org/view.php?id=CVE-2012-6093
24 Feb 2013 — The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. La función QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan cierta... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 61EXPL: 0CVE-2013-0254 – qt: QSharedMemory class created shared memory segments with insecure permissions
https://notcve.org/view.php?id=CVE-2013-0254
06 Feb 2013 — The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. La clase QSharedMemory en Qt v5.0.0, v4.8.x anterior a v4.8.5, v4.7.x anterior a v4.7.6, y otras versiones incluida la v4.4.0 utiliza permisos débiles (escritura y... • http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.9EPSS: 0%CPEs: 31EXPL: 1CVE-2010-5076 – Qt: QSslSocket incorrect handling of IP wildcards in certificate Common Name
https://notcve.org/view.php?id=CVE-2010-5076
29 Jun 2012 — QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. QSslSocket de Qt anteriores a 4.7.0-rc1 reconoce direcciones IP comodín en el campo "Common Name" del "subject" de un certificado X.509, lo que permite a atacantes "man-in-the-middle" suplantar servidores SSL arbitrarios a través de u... • http://qt.gitorious.org/qt/qt/commit/5f6018564668d368f75e431c4cdac88d7421cff0 • CWE-20: Improper Input Validation •