CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10905
https://notcve.org/view.php?id=CVE-2017-10905
15 Dec 2017 — A vulnerability in applications created using Qt for Android prior to 5.9.3 allows attackers to alter environment variables via unspecified vectors. Una vulnerabilidad en aplicaciones creadas mediante Qt para Android en versiones anteriores a la 5.9.3 permite que atacantes alteren variables del entorno mediante vectores sin especificar. • https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-15011
https://notcve.org/view.php?id=CVE-2017-15011
03 Oct 2017 — The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string. Las tuberías nombradas en qtsingleapp en QT 5.x, tal y como se usan en qBittorrent y SugarSync, están configuradas para que se puedan acceder de manera remota y permitan que atacantes remotos provoquen una denegación de servicio (cierre inesperado de la aplicación) mediante una cadena no especif... • https://hackinparis.com/data/slides/2017/2017_Cohen_Gil_The_forgotten_interface_Windows_named_pipes.pdf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-7298
https://notcve.org/view.php?id=CVE-2015-7298
26 Oct 2015 — ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote attackers to conduct man-in-the-middle (MITM) attacks by leveraging a server using a self-signed certificate. NOTE: this vulnerability exists because of a partial CVE-2015-4456 regression. ownCloud Desktop Client en versiones anteriores a 2.0.1, cuando es compliado con un lanzamiento de Qt en versiones posterio... • https://owncloud.org/security/advisory/?id=oc-sa-2015-016 •
CVSS: 8.8EPSS: 2%CPEs: 12EXPL: 0CVE-2015-1858 – Gentoo Linux Security Advisory 201603-10
https://notcve.org/view.php?id=CVE-2015-1858
22 Apr 2015 — Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image. Múltiples desbordamientos del buffer en gui/image/qbmphandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servicio (fallo de segmentación y ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 12EXPL: 0CVE-2015-1859 – Gentoo Linux Security Advisory 201603-10
https://notcve.org/view.php?id=CVE-2015-1859
22 Apr 2015 — Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image. Múltiples desbordamientos de buffer en plugins/imageformats/ico/qicohandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servi... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 3%CPEs: 12EXPL: 0CVE-2015-1860 – Gentoo Linux Security Advisory 201603-10
https://notcve.org/view.php?id=CVE-2015-1860
22 Apr 2015 — Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image. Múltiples desbordamientos de buffer en gui/image/qgifhandler.cpp en el módulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegación de servicio (fallo de segmentación) y posiblemen... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 3%CPEs: 5EXPL: 0CVE-2015-0295 – Slackware Security Advisory - qt Updates
https://notcve.org/view.php?id=CVE-2015-0295
25 Mar 2015 — The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. El decodificador BMP en QtGui en QT anterior a 5.5 no calcula correctamente las mascaras utilizadas para extraer los componentes de color, lo que permite a atacantes remotos causar una denegación de servicio (dividir por cero y caída) a través de un fichero BMP manipulado. Wolfgang S... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-0190 – Gentoo Linux Security Advisory 201412-25
https://notcve.org/view.php?id=CVE-2014-0190
08 May 2014 — The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. El decodificador GIF en QtGui en Qt anterior a 5.3 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de valores de ancho y alto inválidos en un imagen GIF. Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2013-4549 – Ubuntu Security Notice USN-2057-1
https://notcve.org/view.php?id=CVE-2013-4549
18 Dec 2013 — QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegación de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE). It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume la... • http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 130EXPL: 0CVE-2013-4422 – Gentoo Linux Security Advisory 201311-03
https://notcve.org/view.php?id=CVE-2013-4422
23 Oct 2013 — SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. Vulnerabilidad de inyección SQL en Quassel IRC anterior a la versión 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una \ (barra invertida) en un mensaje. Two vulnerabilities in Quassel may resul... • http://bugs.quassel-irc.org/issues/1244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •