CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2018-19870 – qt5-qtbase: QImage allocation failure in qgifhandler
https://notcve.org/view.php?id=CVE-2018-19870
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. A malformed GIF image causes a NULL pointer dereference in QGifHandler resulting in a segmentation fault. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Una imagen GIF mal formada provoca una desreferencia de puntero NULL en QGifHandler, lo que resulta en un fallo de segmentación. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-19871 – qt5-qtimageformats: QTgaFile CPU exhaustion
https://notcve.org/view.php?id=CVE-2018-19871
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile. The qt packages contain a software toolkit that simplifies the task of writing and maintaining Graphical User Interface applications for the X Window System. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 12%CPEs: 4EXPL: 0CVE-2018-19873 – qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
https://notcve.org/view.php?id=CVE-2018-19873
26 Dec 2018 — An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de búfer mediante datos BMP. It was discovered that Qt incorrectly handled certain XML documents. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 4EXPL: 0CVE-2018-15518 – qt5-qtbase: Double free in QXmlStreamReader
https://notcve.org/view.php?id=CVE-2018-15518
26 Dec 2018 — QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document. QXmlStream en Qt 5.x en versiones anteriores a la 5.11.3 tiene una doble liberación (double free) o una corrupción durante el análisis de un documento XML ilegal especialmente manipulado. It was discovered that Qt incorrectly handled certain XML documents. A remote attacker could use this issue with a specially crafted XML document to cause Qt to crash, resulting in a denial of serv... • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19865
https://notcve.org/view.php?id=CVE-2018-19865
05 Dec 2018 — A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Se ha descubierto un problema de registro de pulsaciones del teclado en Virtual Keyboard en Qt, en versiones 5.7.x, 5.8.x, 5.9.x, 5.10.x y versiones 5.11.x anteriores a la 5.11.3. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1290
https://notcve.org/view.php?id=CVE-2015-1290
09 Jan 2018 — The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) o ejecuten código arbitrario ... • http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2017-10904
https://notcve.org/view.php?id=CVE-2017-10904
15 Dec 2017 — Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Qt para Android en versiones anteriores a la 5.9.0 permite que los atacantes remotos ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar. • https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10905
https://notcve.org/view.php?id=CVE-2017-10905
15 Dec 2017 — A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Una vulnerabilidad en aplicaciones creadas mediante Qt para Android en versiones anteriores a la 5.9.3 permite que atacantes alteren variables del entorno mediante vectores sin especificar. • https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-15011
https://notcve.org/view.php?id=CVE-2017-15011
03 Oct 2017 — The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. Las tuberías nombradas en qtsingleapp en QT 5.x, tal y como se usan en qBittorrent y SugarSync, están configuradas para que se puedan acceder de manera remota y permitan que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante una cadena no especif... • https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7298
https://notcve.org/view.php?id=CVE-2015-7298
26 Oct 2015 — ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. ownCloud Desktop Client en versiones anteriores a 2.0.1, cuando es compliado con un lanzamiento de Qt en versiones posterio... • https://owncloud.org/security/advisory/?id=oc-sa-2015-016 •