CVSS: 7.5EPSS: 12%CPEs: 30EXPL: 3CVE-2010-2621 – Qt 4.6.3 - 'QSslSocketBackendPrivate::transmit()' Denial of Service
https://notcve.org/view.php?id=CVE-2010-2621
02 Jul 2010 — The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. La función QSslSocketBackendPrivate::transmit en src_network_ssl_qsslsocket_openssl.cpp en Qt v4.6.3 y anteriores permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de una solicitud mal formada. • https://www.exploit-db.com/exploits/14268 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 42EXPL: 0CVE-2009-2700
https://notcve.org/view.php?id=CVE-2009-2700
02 Sep 2009 — src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. src/network/ssl/qsslcertificate.cpp en Nokia Trolltech Qt v4.x no gestiona adecuadamente el carácter '\0'en un nombre de dominio en el campo Subject... • http://qt.gitorious.org/qt/qt/commit/802d8c02eaa0aa9cd8d0c6cbd18cd814e6337bc6 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 65EXPL: 0CVE-2007-4137 – QT off by one buffer overflow
https://notcve.org/view.php?id=CVE-2007-4137
18 Sep 2007 — Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. Error de superación de límite (off-by-one) en la función QUtf8Decoder::toUnicode de Trolltech Qt3 permite a usuarios locales o remotos (dependiendo del contexto) provocar una denegación de ... • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-193: Off-by-one Error •
CVSS: 8.8EPSS: 14%CPEs: 1EXPL: 0CVE-2007-3388 – qt3 format string flaw
https://notcve.org/view.php?id=CVE-2007-3388
03 Aug 2007 — Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. Múltiples vulnerabilidades de formato de cadena en (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qg... • ftp://patches.sgi.com/support/free/security/advisories/20070801-01-P.asc •
CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 0CVE-2007-0242 – QT UTF8 improper character expansion
https://notcve.org/view.php?id=CVE-2007-0242
03 Apr 2007 — The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. El decodificador de UTF-8 en el codecs/qutfcodec.cpp del Qt 3.3.8 y 4.2.3 no rechaza secuencias largas de UTF-8 como lo solicitado por el estándar, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de ... • ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc •
CVSS: 8.8EPSS: 10%CPEs: 14EXPL: 0CVE-2006-4811
https://notcve.org/view.php?id=CVE-2006-4811
18 Oct 2006 — Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. El desbordamiento de enteros en el Qt 3.3 versiones anteriores a 3.3.7, 4.1 anteriores a 4.1.5, y 4.2 anteriores a 4.2.1, como el usado en la librería KDE khtml, kdelibs 3.1.3, y, posiblemente otros paquetes, permite a los ataca... • ftp://patches.sgi.com/support/free/security/advisories/20061002-01-P • CWE-189: Numeric Errors •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2005-0627
https://notcve.org/view.php?id=CVE-2005-0627
04 Mar 2005 — Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs. • http://bugs.gentoo.org/show_bug.cgi?id=75181 •
CVSS: 8.8EPSS: 21%CPEs: 1EXPL: 1CVE-2004-0691 – Qt - '.bmp' Parsing Bug Heap Overflow
https://notcve.org/view.php?id=CVE-2004-0691
25 Aug 2004 — Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. Desbordamiento de búfer basado en el montón en el procesador de formato de imagen BMP de la librería QT (qt3) anteriores a 3.3.3 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y posiblemente ejecutar código de su elección. • https://www.exploit-db.com/exploits/408 •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2004-0693
https://notcve.org/view.php?id=CVE-2004-0693
25 Aug 2004 — The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. El procesador GIF en la librería QT (qt3) en versiónes anteriores a 3.3.3 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un fichero de imagen malformado que dispara una desreferencia nula, una vulnerabilidad distinta de CAN-2004-0692. • http://security.gentoo.org/glsa/glsa-200408-20.xml •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2004-0692
https://notcve.org/view.php?id=CVE-2004-0692
25 Aug 2004 — The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693. El procesador XPM en la librería QT (qt3) en versiónes anteriores a 3.3.3 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) mediante un fichero de imagen malformado que dispara una desreferencia nula, una vulnerabilidad distinta de CAN-2004-0693. • http://marc.info/?l=bugtraq&m=110979666528890&w=2 •