CVSS: 7.5EPSS: 1%CPEs: 25EXPL: 0CVE-2012-6093 – Ubuntu Security Notice USN-1723-1
https://notcve.org/view.php?id=CVE-2012-6093
14 Feb 2013 — The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate. La función QSslSocket::sslErrors en Qt anterior a v4.6.5, v4.7.x anterior a v4.7.6, v4.8.x anterior a v4.8.5, cuando se usan cierta... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582 • CWE-310: Cryptographic Issues •
CVSS: 5.5EPSS: 0%CPEs: 61EXPL: 0CVE-2013-0254 – qt: QSharedMemory class created shared memory segments with insecure permissions
https://notcve.org/view.php?id=CVE-2013-0254
06 Feb 2013 — The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. La clase QSharedMemory en Qt v5.0.0, v4.8.x anterior a v4.8.5, v4.7.x anterior a v4.7.6, y otras versiones incluida la v4.4.0 utiliza permisos débiles (escritura y... • http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 16EXPL: 0CVE-2011-3193 – qt/harfbuzz buffer overflow
https://notcve.org/view.php?id=CVE-2011-3193
22 Sep 2011 — Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Desbordamiento de buffer de memoria dinámica en la función Lookup_MarkMarkPos del módulo HarfBuzz (harfbuzz-gpos.c), tal como se usa en Qt anteriores a 4.7.4 y Pango. Permite a atacantes remotos provocar una denegación de servicio (caída) y posible... • http://cgit.freedesktop.org/harfbuzz.old/commit/?id=81c8ef785b079980ad5b46be4fe7c7bf156dbf65 • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 42EXPL: 0CVE-2009-2700 – Mandriva Linux Security Advisory 2009-225
https://notcve.org/view.php?id=CVE-2009-2700
02 Sep 2009 — src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. src/network/ssl/qsslcertificate.cpp en Nokia Trolltech Qt v4.x no gestiona adecuadamente el carácter '\0'en un nombre de dominio en el campo Subject... • http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 • CWE-20: Improper Input Validation •