CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-19871 – qt5-qtimageformats: QTgaFile CPU exhaustion
https://notcve.org/view.php?id=CVE-2018-19871
An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. Hay un consumo de recursos no controlado en QTgaFile. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00002.html https://access.redhat.com/errata/RHSA-2019:2135 https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates https://codereview.qt-project.org/#/c/237761 https://lists.debian.org/debian-lts-announce/2019/05/msg00014.html https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html https://access.redhat.com/security/cve/CVE-2018-19871 https://bugzilla.redhat.com/show_bug&# • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-19873 – qt5-qtbase: QBmpHandler segmentation fault on malformed BMP file
https://notcve.org/view.php?id=CVE-2018-19873
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data. Se ha descubierto un problema en versiones anteriores a la 5.11.3 de Qt. QBmpHandler tiene un desbordamiento de búfer mediante datos BMP. • http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00057.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00073.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00090.html https://access.redhat.com/errata/RHSA-2019:2135 https://access.redhat.com/errata/RHSA-2019:3390 https://blog.qt.io/blog/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-19865
https://notcve.org/view.php?id=CVE-2018-19865
A keystroke logging issue was discovered in Virtual Keyboard in Qt 5.7.x, 5.8.x, 5.9.x, 5.10.x, and 5.11.x before 5.11.3. Se ha descubierto un problema de registro de pulsaciones del teclado en Virtual Keyboard en Qt, en versiones 5.7.x, 5.8.x, 5.9.x, 5.10.x y versiones 5.11.x anteriores a la 5.11.3. • http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00085.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00086.html https://codereview.qt-project.org/#/c/243666 https://codereview.qt-project.org/#/c/244569 https://codereview.qt-project.org/#/c/244687 https://codereview.qt-project.org/#/c/244845 https://codereview.qt-project.org/#/c/245283 https&# • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.3EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1290
https://notcve.org/view.php?id=CVE-2015-1290
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. El motor Google V8, tal y como se utiliza en Google Chrome en versiones anteriores a la 44.0.2403.89 y QtWebEngineCore en Qt en versiones anteriores a la 5.5.1, permiten que atacantes remotos provoquen una denegación de servicio (corrupción de memoria) o ejecuten código arbitrario mediante un sitio web manipulado. • http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80 https://bugs.chromium.org/p/chromium/issues/detail?id=505374 https://codereview.chromium.org/1233453004 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-10904
https://notcve.org/view.php?id=CVE-2017-10904
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. Qt para Android en versiones anteriores a la 5.9.0 permite que los atacantes remotos ejecuten comandos de sistema operativo arbitrarios mediante vectores sin especificar. • https://blog.qt.io/blog/2017/11/22/security-advisory-qt-android https://jvn.jp/en/jp/JVN67389262/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •