CVSS: 6.5EPSS: 3%CPEs: 5EXPL: 0CVE-2015-0295 – Slackware Security Advisory - qt Updates
https://notcve.org/view.php?id=CVE-2015-0295
25 Mar 2015 — The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file. El decodificador BMP en QtGui en QT anterior a 5.5 no calcula correctamente las mascaras utilizadas para extraer los componentes de color, lo que permite a atacantes remotos causar una denegación de servicio (dividir por cero y caída) a través de un fichero BMP manipulado. Wolfgang S... • http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150800.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2014-0190 – Gentoo Linux Security Advisory 201412-25
https://notcve.org/view.php?id=CVE-2014-0190
08 May 2014 — The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via invalid width and height values in a GIF image. El decodificador GIF en QtGui en Qt anterior a 5.3 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo) a través de valores de ancho y alto inválidos en un imagen GIF. Wolfgang Schenk discovered that Qt incorrectly handled certain malformed GIF images. If a user or automated system were tricked into ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134040.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2013-4549 – Ubuntu Security Notice USN-2057-1
https://notcve.org/view.php?id=CVE-2013-4549
18 Dec 2013 — QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers to cause a denial of service (memory consumption) via an XML Entity Expansion (XEE) attack. QXmlSimpleReader en Qt anterior a v5.2 permite a los atacantes dependientes del contexto provocar una denegación de servicio (consumo de memoria) mediante un ataque XML Entity Expansion (XEE). It was discovered that QXmlSimpleReader in Qt incorrectly handled XML entity expansion. An attacker could use this flaw to cause Qt applications to consume la... • http://blog.qt.digia.com/blog/2014/04/24/qt-4-8-6-released • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 130EXPL: 0CVE-2013-4422 – Gentoo Linux Security Advisory 201311-03
https://notcve.org/view.php?id=CVE-2013-4422
23 Oct 2013 — SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message. Vulnerabilidad de inyección SQL en Quassel IRC anterior a la versión 0.9.1, cuando Qt 4.8.5 o posteriores y PostgreSQL 8.2 o posteriores son usados, permite a atacantes remotos ejecutar comandos SQL arbitrarios a través de una \ (barra invertida) en un mensaje. Two vulnerabilities in Quassel may resul... • http://bugs.quassel-irc.org/issues/1244 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 61EXPL: 0CVE-2013-0254 – qt: QSharedMemory class created shared memory segments with insecure permissions
https://notcve.org/view.php?id=CVE-2013-0254
06 Feb 2013 — The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. La clase QSharedMemory en Qt v5.0.0, v4.8.x anterior a v4.8.5, v4.7.x anterior a v4.7.6, y otras versiones incluida la v4.4.0 utiliza permisos débiles (escritura y... • http://lists.opensuse.org/opensuse-updates/2013-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •